Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018 Ran by tfhfh (administrator) on TFHFH-PC (06-04-2018 00:00:02) Running from C:\Users\tfhfh\Downloads Loaded Profiles: tfhfh (Available Profiles: tfhfh) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Русский (Россия) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Cezurity) C:\Program Files\Cezurity\Antivirus\cube_svc.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Cezurity) C:\Program Files\Cezurity\Antivirus\Cube.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (BitTorrent Inc.) C:\Users\tfhfh\AppData\Roaming\uTorrent\uTorrent.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor) GroupPolicy: Restriction <==== ATTENTION GroupPolicy\User: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.11 192.168.2.14 Tcpip\..\Interfaces\{DFFFF244-17CB-460C-9487-AD9AE6358E92}: [DhcpNameServer] 192.168.2.11 192.168.2.14 Internet Explorer: ================== HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2751068646-1959373384-1878528673-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2751068646-1959373384-1878528673-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ru/ BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: d5cg7kq1.default FF ProfilePath: C:\Users\tfhfh\AppData\Roaming\Mozilla\Firefox\Profiles\d5cg7kq1.default [2018-04-05] FF Homepage: Mozilla\Firefox\Profiles\d5cg7kq1.default -> hxxp://www.google.ru/ FF Extension: (VK Universal Downloader) - C:\Users\tfhfh\AppData\Roaming\Mozilla\Firefox\Profiles\d5cg7kq1.default\Extensions\@vkmad.xpi [2018-04-02] FF Extension: (ADB Helper) - C:\Users\tfhfh\AppData\Roaming\Mozilla\Firefox\Profiles\d5cg7kq1.default\Extensions\adbhelper@mozilla.org.xpi [2018-02-24] [Legacy] FF Extension: (uBlock Origin) - C:\Users\tfhfh\AppData\Roaming\Mozilla\Firefox\Profiles\d5cg7kq1.default\Extensions\uBlock0@raymondhill.net.xpi [2018-04-02] FF Extension: (Adblock Plus) - C:\Users\tfhfh\AppData\Roaming\Mozilla\Firefox\Profiles\d5cg7kq1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-16] FF Extension: (MediaSave. Скачать музыку бесплатно) - C:\Users\tfhfh\AppData\Roaming\Mozilla\Firefox\Profiles\d5cg7kq1.default\Extensions\{ffc57877-9767-4ede-bef8-74ba36221bef}.xpi [2017-07-03] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-18] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-18] () FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @raidcall.tw/RCplugin -> C:\Users\tfhfh\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall) FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5708808 2018-03-11] () R2 CubeService; C:\Program Files\Cezurity\Antivirus\cube_svc.exe [10131112 2017-06-20] (Cezurity) S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт) S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] () R0 cz_cube; C:\Windows\System32\Drivers\cz_cube.sys [4417960 2017-06-20] () R1 cz_ddall; C:\Windows\system32\Drivers\cz_ddall.sys [2522024 2017-06-20] (Cezurity) R0 cz_vdskl; C:\Windows\System32\Drivers\cz_vdskl.sys [13912 2017-06-20] () R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] (Корпорация Майкрософт) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Корпорация Майкрософт) ========================== Drivers MD5 ======================= C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit C:\Windows\system32\drivers\afd.sys ==> MD5 is legit C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\atikmdag.sys C68E62B6808B6C64CC6B42375508E1E8 C:\Windows\System32\DRIVERS\atikmpag.sys 007F8DCAACA294394DDCF960006E0EF6 C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit C:\Windows\system32\drivers\appid.sys ==> MD5 is legit C:\Windows\system32\drivers\arc.sys ==> MD5 is legit C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit C:\Windows\SysWow64\drivers\AsIO.sys A82C01606DC27D05D9D3BFB6BB807E32 C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit C:\Windows\System32\drivers\AtihdW76.sys 999BC356F5AB544B5DE8BD47A6908730 C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bowser.sys 91CE0D3DC57DD377E690A2D324022B08 C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit C:\Windows\System32\CLFS.sys ==> MD5 is legit C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit C:\Windows\System32\Drivers\cng.sys ==> MD5 is legit C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit C:\Windows\System32\drivers\csc.sys ==> MD5 is legit C:\Windows\System32\Drivers\cz_cube.sys D41D8CD98F00B204E9800998ECF8427E C:\Windows\system32\Drivers\cz_ddall.sys DE28F45441A4B8609182D43FF5ED5A6A C:\Windows\System32\Drivers\cz_vdskl.sys D41D8CD98F00B204E9800998ECF8427E C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit C:\Windows\System32\drivers\discache.sys ==> MD5 is legit C:\Windows\System32\drivers\disk.sys ==> MD5 is legit C:\Windows\system32\drivers\dmvsc.sys 5DB085A8A6600BE6401F2B24EECB5415 C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit C:\Windows\System32\drivers\RTKVHD64.sys A3BCBD0F710580A07D1B929D787D36CE C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit C:\Windows\System32\Drivers\ksecpkg.sys ==> MD5 is legit C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mrxsmb.sys FAF015B07E3A2874A790A39B7D2C579F C:\Windows\System32\DRIVERS\mrxsmb10.sys 08E2345DF129082BCDFFDC1440F9C00D C:\Windows\System32\DRIVERS\mrxsmb20.sys 108D87409C5812EF47D81E22843E8C9D C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ASACPI.sys 19B006B181E3875FD254F7B67ACF1E7C C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys ==> MD5 is legit C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\system32\drivers\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\pci.sys ==> MD5 is legit C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\drivers\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit C:\Windows\System32\Drivers\RDPWD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0 C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys 2098B8556D1CEC2ACA9A29CD479E3692 C:\Windows\System32\DRIVERS\srv2.sys D0F73A42040F21F92FD314B42AC5C9E7 C:\Windows\System32\DRIVERS\srvnet.sys 2BA8F3250828CCDB4204ECF2C6F40B6A C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit C:\Windows\System32\drivers\synth3dvsc.sys C3A39C4079305480972D29C44B868C78 C:\Windows\System32\drivers\tcpip.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tcpip.sys ==> MD5 is legit C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit C:\Windows\system32\drivers\terminpt.sys 2B5BDFF688EC9871D7EC5837833374E9 C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8 C:\Windows\System32\drivers\tsusbhub.sys E1748D04AE40118B62BC18AC86032192 C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit C:\Windows\system32\drivers\usbccgp.sys ==> MD5 is legit C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit C:\Windows\system32\drivers\usbehci.sys ==> MD5 is legit C:\Windows\system32\drivers\usbhub.sys ==> MD5 is legit C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\drivers\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\system32\drivers\WinUsb.sys FE88B288356E7B47B74B13372ADD906D C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit C:\Windows\system32\drivers\WUDFRd.sys ==> MD5 is legit ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Three Months Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-04-06 00:00 - 2018-04-06 00:00 - 003522502 ___SH C:\Windows\system32\Drivers\cz_chfl.dat 2018-04-06 00:00 - 2018-04-06 00:00 - 000022811 _____ C:\Users\tfhfh\Downloads\FRST.txt 2018-04-05 23:58 - 2018-04-05 23:58 - 002406890 ___SH C:\Windows\system32\Drivers\cz_hvtbl.dat 2018-04-05 23:58 - 2018-04-05 23:58 - 000012476 _____ C:\Users\tfhfh\Desktop\Word_2010.torrent 2018-04-05 23:51 - 2018-04-05 23:51 - 000000000 ____D C:\Users\tfhfh\Downloads\FRST-OlderVersion 2018-04-05 23:41 - 2018-04-05 23:41 - 000012476 _____ C:\Users\tfhfh\Desktop\Word_2007.torrent 2018-04-05 19:02 - 2018-04-05 19:09 - 000900250 _____ C:\Users\tfhfh\Desktop\Презентация Тутов А.Е. Проектирование.pptx 2018-04-05 14:37 - 2018-04-05 14:37 - 000027865 _____ C:\Users\tfhfh\Desktop\virusinfo_syscure.zip 2018-04-05 14:37 - 2018-04-05 14:37 - 000000022 _____ C:\Users\tfhfh\Desktop\virusinfo_autoquarantine.zip 2018-04-05 14:32 - 2018-04-05 14:40 - 000055348 _____ C:\Users\tfhfh\Desktop\virusinfo_syscheck.zip 2018-04-05 14:27 - 2018-04-05 14:27 - 000599547 _____ C:\Users\tfhfh\Desktop\TFHFH-PC_2018-04-05_14-23-42.rar 2018-04-05 13:10 - 2018-04-05 13:10 - 000026342 ___SH C:\Windows\system32\Drivers\cz_chsd.dat 2018-04-05 13:10 - 2018-04-05 13:10 - 000000000 ____D C:\KVRT_Data 2018-04-05 13:09 - 2018-04-05 13:09 - 000000000 ____D C:\Users\Все пользователи\Doctor Web 2018-04-05 13:09 - 2018-04-05 13:09 - 000000000 ____D C:\Users\tfhfh\Doctor Web 2018-04-05 13:09 - 2018-04-05 13:09 - 000000000 ____D C:\ProgramData\Doctor Web 2018-04-05 12:57 - 2018-04-05 12:57 - 000002597 _____ C:\Users\Public\Desktop\Microsoft PowerPoint 2010.lnk 2018-04-04 16:22 - 2018-04-04 20:15 - 000315194 _____ C:\Users\tfhfh\Desktop\Презентация Тутов А.Е. Ремонт.pptx 2018-04-04 13:03 - 2018-04-05 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2018-04-04 13:02 - 2018-04-04 13:02 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2018-04-04 13:02 - 2018-04-04 13:02 - 000000000 ____D C:\Windows\SHELLNEW 2018-04-04 13:02 - 2018-04-04 13:02 - 000000000 ____D C:\Windows\PCHEALTH 2018-04-04 13:02 - 2018-04-04 13:02 - 000000000 ____D C:\Program Files\Microsoft Office 2018-04-04 13:01 - 2018-04-05 23:55 - 000000000 ____D C:\Users\Все пользователи\Microsoft Help 2018-04-04 13:01 - 2018-04-05 23:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2018-04-04 13:01 - 2018-04-04 13:01 - 000000000 __RHD C:\MSOCache 2018-04-04 13:01 - 2018-04-04 13:01 - 000000000 ____D C:\Users\tfhfh\AppData\Local\Microsoft Help 2018-04-04 13:00 - 2018-04-04 13:00 - 000000000 ____D C:\Program Files (x86)\PowerPoint 2010 2018-04-03 11:46 - 2018-04-03 11:46 - 000001347 _____ C:\Users\tfhfh\Desktop\Губанов 2.txt 2018-04-03 11:33 - 2018-04-03 12:09 - 000001283 _____ C:\Users\tfhfh\Desktop\Губанов 1.txt 2018-03-24 14:32 - 2018-03-24 14:32 - 000000000 ____D C:\Windows\Minidump\Cezurity 2018-03-18 09:04 - 2018-03-18 09:04 - 000004528 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier 2018-03-11 19:27 - 2018-04-06 00:00 - 000000000 ____D C:\FRST 2018-03-11 19:26 - 2018-04-05 23:51 - 002403328 _____ (Farbar) C:\Users\tfhfh\Downloads\FRST64.exe 2018-03-11 13:52 - 2018-03-11 13:52 - 000000000 ____D C:\Users\Public\Documents\Creative 2018-03-11 13:21 - 2018-03-11 13:21 - 000000632 _____ C:\Users\tfhfh\Desktop\FINAL FANTASY XV.lnk 2018-03-09 13:24 - 2018-03-10 14:09 - 000000000 ____D C:\Users\tfhfh\AppData\Local\ElevatedDiagnostics 2018-03-03 08:36 - 2018-03-03 08:36 - 000000000 ____D C:\Users\tfhfh\AppData\LocalLow\Crazy Monkey Studios 2018-03-03 08:28 - 2018-03-03 08:28 - 000000673 _____ C:\Users\tfhfh\Desktop\Guns Gore and Cannoli 2.lnk 2018-02-25 13:35 - 2018-02-25 13:35 - 000000000 ____D C:\Users\tfhfh\AppData\Local\UnrealEngine 2018-02-25 13:35 - 2018-02-25 13:35 - 000000000 ____D C:\Users\tfhfh\AppData\Local\TslGame 2018-02-24 19:11 - 2018-02-24 19:12 - 000000000 ____D C:\Windows\system32\MRT 2018-02-24 18:39 - 2011-04-09 09:58 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2018-02-24 18:39 - 2011-04-09 08:56 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2018-02-24 17:53 - 2014-05-14 19:23 - 002477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2018-02-24 17:53 - 2014-05-14 19:23 - 000700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2018-02-24 17:53 - 2014-05-14 19:23 - 000581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2018-02-24 17:53 - 2014-05-14 19:23 - 000058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2018-02-24 17:53 - 2014-05-14 19:23 - 000044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2018-02-24 17:53 - 2014-05-14 19:23 - 000038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2018-02-24 17:53 - 2014-05-14 19:23 - 000036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2018-02-24 17:53 - 2014-05-14 19:21 - 002620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2018-02-24 17:53 - 2014-05-14 19:20 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2018-02-24 17:53 - 2014-05-14 19:17 - 000092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2018-02-24 17:53 - 2014-05-14 09:23 - 000198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2018-02-24 17:53 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2018-02-24 17:53 - 2014-05-14 09:20 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2018-02-24 17:53 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2018-02-23 22:34 - 2018-02-23 22:34 - 000000222 _____ C:\Users\tfhfh\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS.url 2018-02-23 18:01 - 2018-02-23 18:01 - 000000770 _____ C:\Users\tfhfh\Desktop\Sniper Ghost Warrior 3.lnk 2018-02-23 18:01 - 2018-02-23 18:01 - 000000747 _____ C:\Users\tfhfh\Desktop\Выбор языка Sniper Ghost Warrior 3.lnk 2018-01-28 13:21 - 2018-01-28 14:15 - 000065000 _____ C:\Users\tfhfh\Downloads\radeon-software-adrenalin-17.12.1-minimalsetup-171211_64bit.exe ==================== Three Months Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-04-06 00:00 - 2017-06-26 22:26 - 000000000 ____D C:\Users\tfhfh\AppData\Roaming\uTorrent 2018-04-05 23:55 - 2017-06-26 23:42 - 000000000 __SHD C:\$OSBACKUP$ 2018-04-05 23:47 - 2017-06-25 19:12 - 000000000 ____D C:\Users\tfhfh\AppData\LocalLow\Mozilla 2018-04-05 20:29 - 2011-01-21 20:27 - 000723936 _____ C:\Windows\system32\perfh019.dat 2018-04-05 20:29 - 2011-01-21 20:27 - 000150252 _____ C:\Windows\system32\perfc019.dat 2018-04-05 20:29 - 2009-07-14 08:13 - 001647438 _____ C:\Windows\system32\PerfStringBackup.INI 2018-04-05 20:29 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf 2018-04-05 19:51 - 2017-06-25 19:45 - 000000000 ____D C:\Users\tfhfh\AppData\Roaming\vlc 2018-04-05 18:43 - 2009-07-14 07:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-04-05 18:43 - 2009-07-14 07:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-04-05 18:36 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-04-05 18:36 - 2009-07-14 07:45 - 000292072 _____ C:\Windows\system32\FNTCACHE.DAT 2018-04-05 17:12 - 2017-06-25 19:59 - 000065536 _____ C:\Windows\system32\spu_storage.bin 2018-04-05 17:12 - 2017-06-25 17:02 - 000000000 ____D C:\Users\tfhfh 2018-04-05 16:20 - 2017-06-25 17:25 - 000062904 _____ C:\Users\tfhfh\AppData\Local\GDIPFONTCACHEV1.DAT 2018-04-05 14:26 - 2017-12-16 14:15 - 000000000 ____D C:\Users\tfhfh\Downloads\uvs 2018-04-05 12:46 - 2017-06-25 19:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2018-04-04 21:06 - 2017-10-08 17:38 - 000000000 ____D C:\AdwCleaner 2018-04-04 13:02 - 2009-07-14 06:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared 2018-04-01 09:49 - 2017-06-25 19:23 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2018-03-29 14:46 - 2017-06-28 19:54 - 000000000 ____D C:\Windows\SysWOW64\directx 2018-03-24 14:32 - 2017-06-26 23:40 - 000000000 ____D C:\Windows\Minidump 2018-03-19 05:37 - 2009-07-14 08:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD 2018-03-19 05:37 - 2009-07-14 08:08 - 000032498 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2018-03-18 16:30 - 2009-07-14 07:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2018-03-18 09:04 - 2017-06-25 19:23 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2018-03-18 09:04 - 2017-06-25 19:23 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2018-03-18 09:03 - 2017-06-25 19:23 - 000000000 ____D C:\Windows\system32\Macromed 2018-03-18 09:03 - 2017-06-25 19:22 - 000000000 ____D C:\Users\tfhfh\AppData\Local\Adobe 2018-03-17 10:42 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\LiveKernelReports 2018-03-12 06:01 - 2017-07-12 20:52 - 000000000 ____D C:\Program Files (x86)\Steam 2018-03-11 13:53 - 2017-09-27 20:05 - 000000000 ____D C:\Users\tfhfh\Documents\My Games 2018-03-10 14:09 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\NDF 2018-03-10 12:47 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\Registration ==================== Files in the root of some directories ======= 2017-11-12 17:11 - 2017-11-12 17:11 - 000000037 ___SH () C:\Users\tfhfh\AppData\Local\20986331705021ca58edc424.96250074 2018-01-01 14:22 - 2018-01-01 14:25 - 000007599 _____ () C:\Users\tfhfh\AppData\Local\Resmon.ResmonCfg Some files in TEMP: ==================== 2018-04-04 12:59 - 2018-04-04 12:59 - 005111296 _____ (©Panadcenefef isinhuevirwa ) C:\Users\tfhfh\AppData\Local\Temp\bundle040418125911z.exe 2018-04-05 23:50 - 2018-04-05 23:50 - 005464064 _____ (©Ekeh ehuks ) C:\Users\tfhfh\AppData\Local\Temp\bundle050418235036z.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed C:\Windows\system32\drivers\cz_cube.sys -> Access Denied <======= ATTENTION C:\Windows\system32\drivers\cz_vdskl.sys -> Access Denied <======= ATTENTION ==================== BCD ================================ ��ᯥ��� ����㧪� Windows -------------------- �����䨪��� {bootmgr} device partition=\Device\HarddiskVolume1 description Windows Boot Manager locale ru-RU inherit {globalsettings} default {current} resumeobject {6c5ccdc2-5a12-11e7-9b67-bf78f1d5c992} displayorder {current} toolsdisplayorder {memdiag} timeout 0 ����㧪� Windows ------------------- �����䨪��� {current} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale ru-RU inherit {bootloadersettings} recoverysequence {6c5ccdc4-5a12-11e7-9b67-bf78f1d5c992} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {6c5ccdc2-5a12-11e7-9b67-bf78f1d5c992} nx OptIn numproc 4 usefirmwarepcisettings No ����㧪� Windows ------------------- �����䨪��� {6c5ccdc4-5a12-11e7-9b67-bf78f1d5c992} device ramdisk=[C:]\Recovery\6c5ccdc4-5a12-11e7-9b67-bf78f1d5c992\Winre.wim,{6c5ccdc5-5a12-11e7-9b67-bf78f1d5c992} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\6c5ccdc4-5a12-11e7-9b67-bf78f1d5c992\Winre.wim,{6c5ccdc5-5a12-11e7-9b67-bf78f1d5c992} systemroot \windows nx OptIn winpe Yes ��室 �� ०��� ����ୠ樨 -------------------------- �����䨪��� {6c5ccdc2-5a12-11e7-9b67-bf78f1d5c992} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale ru-RU inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No �஢�ઠ ����� Windows --------------------- �����䨪��� {memdiag} device partition=\Device\HarddiskVolume1 path \boot\memtest.exe description �������⨪� ����� locale ru-RU inherit {globalsettings} badmemoryaccess Yes ��ࠬ���� EMS ------------- �����䨪��� {emssettings} bootems Yes ��ࠬ���� �⫠�稪� ------------------- �����䨪��� {dbgsettings} debugtype Serial debugport 1 baudrate 115200 ��䥪�� ��� ----------- �����䨪��� {badmemory} �������� ��ࠬ���� -------------------- �����䨪��� {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} ��ࠬ���� �����稪� -------------------- �����䨪��� {bootloadersettings} inherit {globalsettings} {hypervisorsettings} ��ࠬ���� ����ࢨ��� ------------------- �����䨪��� {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 ��ࠬ���� �����稪� ����⠭������� ----------------------------------- �����䨪��� {resumeloadersettings} inherit {globalsettings} ��ࠬ���� ���ன�� ------------------- �����䨪��� {6c5ccdc5-5a12-11e7-9b67-bf78f1d5c992} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\6c5ccdc4-5a12-11e7-9b67-bf78f1d5c992\boot.sdi LastRegBack: 2018-04-02 22:30 ==================== End of FRST.txt ============================