Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.08.2018 02 Ran by ACER (administrator) on ACER-ПК (21-08-2018 14:02:37) Running from C:\Users\ACER\Downloads Loaded Profiles: ACER (Available Profiles: ACER) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Русский (Россия) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\18.7.0.2695\service_update.exe (YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\18.7.0.2695\service_update.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (BitTorrent Inc.) 
C:\Users\ACER\AppData\Roaming\uTorrent\uTorrent.exe (Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE () C:\Users\ACER\LiveTex\LTClient.exe () C:\Program Files (x86)\WebMoney Agent\wmagent.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (BitTorrent Inc.) C:\Users\ACER\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe (BitTorrent Inc.) C:\Users\ACER\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor) HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM-x32\...\Run: [wmagent.exe] => C:\Program Files (x86)\WebMoney Agent\wmagent.exe [210400 2009-10-19] () HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-23] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-4062612487-3148027201-1454314958-1000\...\Run: [uTorrent] => C:\Users\ACER\AppData\Roaming\uTorrent\uTorrent.exe [1984184 2018-06-25] (BitTorrent Inc.) 
HKU\S-1-5-21-4062612487-3148027201-1454314958-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd) HKU\S-1-5-21-4062612487-3148027201-1454314958-1000\...\Run: [LiveTex] => C:\Users\ACER\LiveTex\LiveTex.exe [283824 2015-04-20] () HKU\S-1-5-21-4062612487-3148027201-1454314958-1000\...\Run: [movavi_videoconverter_agent] => C:\Program Files (x86)\Movavi\Movavi Video Converter 18 Premium\ConverterAgent.exe [684048 2018-07-02] (Movavi ) Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64 ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.10.20 Tcpip\..\Interfaces\{457E2E0E-C833-46E9-A1FA-CF2D7361BAEB}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{5CD5B690-6715-49CE-B89D-F641F649D9D7}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{6EA23B8C-CF96-4FDA-ADF0-003BAD08C879}: [DhcpNameServer] 192.168.10.20 Tcpip\..\Interfaces\{ABC9481A-C21F-49DB-B4D9-088E86F2902E}: [DhcpNameServer] 192.168.10.20 Internet Explorer: ================== SearchScopes: HKU\S-1-5-21-4062612487-3148027201-1454314958-1000 -> DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://yandex.ru/yandsearch?win=42&clid=41129&text={searchTerms} SearchScopes: HKU\S-1-5-21-4062612487-3148027201-1454314958-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://yandex.ru/yandsearch?win=42&clid=41129&text={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-23] (Oracle Corporation) BHO: Визуальные закладки -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> C:\Program Files (x86)\Yandex\FastDial\fastdial64host.dll [2015-08-25] () BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program 
Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-23] (Oracle Corporation) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-23] (Oracle Corporation) BHO-x32: Визуальные закладки -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> C:\Program Files (x86)\Yandex\FastDial\fastdialhost.dll [2015-08-25] () BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-23] (Oracle Corporation) BHO-x32: WebMoneyAdvisorBHO -> {E7D2CB77-6E2D-4C1F-B485-D50506B9FA6B} -> C:\Program Files (x86)\WebMoney Advisor\2.2.4\wmadvisor.dll [2011-07-20] (CJSC Computing Forces) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.) 
Toolbar: HKLM-x32 - WebMoney Advisor - {405DFEAE-1D2F-4649-BE08-C92313C3E1CE} - C:\Program Files (x86)\WebMoney Advisor\2.2.4\wmadvisor.dll [2011-07-20] (CJSC Computing Forces) FireFox: ======== FF DefaultProfile: glgvkuc1.default-1458737927086-1519992891833 FF ProfilePath: C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\glgvkuc1.default-1458737927086-1519992891833 [2018-08-14] FF Homepage: Mozilla\Firefox\Profiles\glgvkuc1.default-1458737927086-1519992891833 -> hxxps://www.google.com/ FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-11-19] [Legacy] [not signed] FF HKU\S-1-5-21-4062612487-3148027201-1454314958-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-08-14] () FF Plugin: @java.com/DTPlugin,version=10.4.0 -> C:\Windows\system32\npDeployJava1.dll [2012-08-27] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-23] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-08-14] () FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-23] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-23] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] 
(Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-4062612487-3148027201-1454314958-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ACER\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS) Chrome: ======= CHR res: Infected resources.pak (Adware script). Reinstall Chrome. <==== ATTENTION CHR HomePage: Default -> hxxps://www.google.com/ CHR Profile: C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default [2018-08-21] CHR Extension: (Презентации) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-26] CHR Extension: (Документы) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-26] CHR Extension: (Диск Google) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-26] CHR Extension: (YouTube) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-26] CHR Extension: (Таблицы) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-26] CHR Extension: (Интернет-банк Faktura.ru) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpmimlmjgfnplmmfenbpgikbdgjcdim [2018-04-26] CHR Extension: (Google Документы офлайн) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-27] CHR Extension: (Referer Control) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkcfpcejkafcihlgbojoidoihckciin [2018-03-22] CHR Extension: (friGate CDN - бесперебойный доступ к сайтам) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbacbcfdfaapbcnlnbmciiaakomhkbkb [2018-05-29] CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\ACER\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-26] CHR Extension: (Gmail) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-26] CHR Extension: (Chrome Media Router) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-26] Opera: ======= OPR StartupUrls: "hxxps://www.yandex.ru/?win=269&clid=2292380" OPR Extension: (Интернет-банк Faktura.ru) - C:\Users\ACER\AppData\Roaming\Opera Software\Opera Stable\Extensions\cmlalaggbljhpgmdmmhbefnkeoijlgnl [2017-03-17] OPR Extension: (friGate UA - для Украины) - C:\Users\ACER\AppData\Roaming\Opera Software\Opera Stable\Extensions\mjeddbfgpjaedjdioclflnoaofekijgp [2018-05-29] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-11-03] (Adobe Systems) [File not signed] R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed] S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт) S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [142336 2010-04-12] (HP) [File not signed] S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3452928 2009-09-05] (Egis Technology Inc.) 
[File not signed] S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes) R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed] S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт) S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт) R2 YandexBrowserService; C:\Program Files (x86)\Yandex\YandexBrowser\18.7.0.2695\service_update.exe [1196536 2018-08-02] (YANDEX LLC) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.) S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-08-21] (Malwarebytes) R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94440 2016-06-14] (Корпорация Майкрософт) S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) 
[File not signed] S3 qcusbnet; C:\Windows\System32\DRIVERS\qcusbnet.sys [428600 2017-03-15] (QUALCOMM Incorporated) S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated) R3 R5BaseSmc; C:\Windows\System32\DRIVERS\smccard.sys [23592 2016-07-04] (OEM) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-10-17] (Duplex Secure Ltd.) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed] R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Корпорация Майкрософт) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) U3 aswbdisk; no ImagePath ========================== Drivers MD5 =======================
==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Three Months Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-08-21 14:01 - 2018-08-21 14:01 - 000000004 ____H C:\Users\Все пользователи\cm-lock 2018-08-21 14:01 - 2018-08-21 14:01 - 000000004 ____H C:\ProgramData\cm-lock 2018-08-21 13:53 - 2018-08-21 13:53 - 000000000 ____D C:\Windows\system32\config\uVS_RegBack 2018-08-17 14:05 - 2018-08-17 14:05 - 000339151 _____ C:\Users\ACER\Downloads\Приглашение Сямынь 17.08.18..pdf 2018-08-17 12:33 - 2018-08-17 12:33 - 007147101 _____ C:\Users\ACER\Downloads\Волна_Презентация.pptx 2018-08-16 16:27 - 2018-08-16 16:27 - 000121605 _____ C:\Users\ACER\Downloads\67.pdf 2018-08-16 14:47 - 2018-08-16 14:47 - 000049048 _____ C:\Users\ACER\Downloads\Реквизиты Михаил (3) 2018-08-16 14:39 - 2018-08-16 14:39 - 000049048 _____ C:\Users\ACER\Downloads\Реквизиты Михаил (2) 2018-08-16 12:38 - 2018-08-16 12:38 - 000006674 _____ C:\Users\ACER\Downloads\Виктория Тинькофф (1).txt 2018-08-15 15:54 - 2018-08-15 15:54 - 000026624 _____ C:\Users\ACER\Downloads\Счет 087 Виктория (1).xls 2018-08-15 15:42 - 2018-08-15 15:42 - 000026624 _____ C:\Users\ACER\Downloads\Счет 087 Виктория.xls 2018-08-15 13:08 - 2018-08-15 13:08 - 000049048 _____ C:\Users\ACER\Downloads\Реквизиты Михаил (1) 2018-08-15 13:08 - 2018-08-15 13:08 - 000049048 _____ C:\Users\ACER\Downloads\Реквизиты Михаил 2018-08-14 18:49 - 2018-08-15 14:28 - 000001166 _____ C:\Users\ACER\Documents\Untitled-1.htm 2018-08-14 13:11 - 2018-08-14 13:11 - 000000000 ____D C:\Users\Все пользователи\EPSON 2018-08-14 13:11 - 2018-08-14 13:11 - 000000000 ____D C:\ProgramData\EPSON 2018-08-09 12:55 - 2018-08-21 13:54 - 000000000 ____D C:\Users\ACER\Downloads\uvs_latest 2018-08-07 17:37 - 2018-08-07 17:37 - 000000000 ____D C:\Users\ACER\Documents\Проекты ВидеоМОНТАЖ 2018-08-07 17:36 - 2018-08-07 17:36 - 000000000 ____D C:\Users\ACER\AppData\Roaming\Ruler 2018-08-07 17:36 - 2018-08-07 17:36 - 000000000 ____D C:\Users\ACER\AppData\Roaming\AMS Software 2018-08-07 17:29 - 2018-08-07 17:31 - 146155776 _____ (AMS Software ) C:\Users\ACER\Downloads\VideoEditor.exe 
2018-08-07 17:25 - 2018-08-07 17:25 - 000000000 ____D C:\Users\ACER\Downloads\WindowsMovieMaker 2018-08-07 13:54 - 2018-08-07 13:54 - 000009683 _____ C:\Users\ACER\Downloads\documents.xml 2018-08-01 17:48 - 2018-08-01 17:48 - 000000000 ____D C:\Users\TEMP 2018-08-01 17:48 - 2015-10-21 14:33 - 000000000 ____D C:\Users\TEMP\AppData\Local\Yandex 2018-08-01 13:18 - 2018-08-01 13:18 - 000002368 _____ C:\{547A351A-29E9-4284-A777-160E2FF5E622} 2018-07-31 17:58 - 2018-07-31 17:58 - 000033656 _____ C:\{A37B9FFD-5B65-4119-91E4-56CB450C5396} 2018-07-31 12:25 - 2018-07-31 12:25 - 000004224 _____ C:\{C9D51E8A-7556-4DF6-BAD3-48F88A8BCC63} 2018-07-31 11:57 - 2018-07-31 11:57 - 000108240 _____ C:\{D07E2E65-6519-43AD-8863-29366C78FEE8} 2018-07-30 11:57 - 2018-08-21 13:13 - 000000000 ____D C:\царева 2018-07-30 11:46 - 2018-07-30 11:46 - 000000000 ____D C:\Новая папка 2018-07-30 11:06 - 2018-07-30 11:06 - 000007224 _____ C:\{65CA2CA9-5FF1-4C2B-A99A-0FB8B34A1541} 2018-07-26 13:21 - 2018-08-13 12:35 - 000000000 _____ C:\Windows\SysWOW64\last.dump 2018-07-26 12:09 - 2018-07-26 12:09 - 000052280 _____ C:\{FF802657-37F6-4C0D-BD60-5F6444859AE6} 2018-07-24 18:36 - 2018-07-24 18:36 - 000004672 _____ C:\{0B92C879-E19D-4DD2-82C7-10D6CDF73BD1} 2018-07-24 17:41 - 2018-07-24 17:41 - 000000000 ____D C:\Users\ACER\AppData\Local\converter 2018-07-24 17:37 - 2018-07-24 17:37 - 000001301 _____ C:\Users\Public\Desktop\Movavi Конвертер Видео 18 Премиум.lnk 2018-07-24 17:37 - 2018-07-24 17:37 - 000000000 ____D C:\Users\ACER\AppData\Local\ConverterAgent 2018-07-24 17:37 - 2018-07-24 17:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Конвертер Видео 18 Премиум 2018-07-24 17:36 - 2018-07-24 17:36 - 000004933 _____ C:\Users\Все пользователи\vfiakfjk.zeu 2018-07-24 17:36 - 2018-07-24 17:36 - 000004933 _____ C:\ProgramData\vfiakfjk.zeu 2018-07-24 17:36 - 2018-07-24 17:36 - 000000000 ____D C:\Users\Все пользователи\Movavi Video Converter 18 2018-07-24 17:36 - 2018-07-24 17:36 - 
000000000 ____D C:\Users\Все пользователи\Movavi 2018-07-24 17:36 - 2018-07-24 17:36 - 000000000 ____D C:\ProgramData\Movavi Video Converter 18 2018-07-24 17:36 - 2018-07-24 17:36 - 000000000 ____D C:\ProgramData\Movavi 2018-07-24 17:36 - 2018-07-24 17:36 - 000000000 ____D C:\Program Files (x86)\Movavi 2018-07-24 17:14 - 2018-07-24 17:14 - 000001015 _____ C:\Users\Public\Desktop\Movavi Video Editor 14 Plus.lnk 2018-07-24 17:14 - 2018-07-24 17:14 - 000000000 ____D C:\Users\ACER\AppData\Local\VideoEditorPlus 2018-07-24 17:14 - 2018-07-24 17:14 - 000000000 ____D C:\Users\ACER\AppData\Local\Movavi 2018-07-24 17:14 - 2018-07-24 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 14 Plus 2018-07-24 17:09 - 2018-07-24 17:14 - 000000000 ____D C:\Program Files\Movavi Video Editor 14 Plus 2018-07-24 17:08 - 2018-07-24 17:08 - 000004904 _____ C:\Users\Все пользователи\mklddvci.gqu 2018-07-24 17:08 - 2018-07-24 17:08 - 000004904 _____ C:\ProgramData\mklddvci.gqu 2018-07-24 17:08 - 2018-07-24 17:08 - 000000016 _____ C:\Users\Все пользователи\mntemp 2018-07-24 17:08 - 2018-07-24 17:08 - 000000016 _____ C:\ProgramData\mntemp 2018-07-24 17:08 - 2018-07-24 17:08 - 000000000 ____D C:\Users\Все пользователи\Movavi Video Editor 14 Plus 2018-07-24 17:08 - 2018-07-24 17:08 - 000000000 ____D C:\ProgramData\Movavi Video Editor 14 Plus 2018-07-24 17:07 - 2018-07-24 17:07 - 063628656 _____ (Movavi) C:\Users\ACER\Downloads\MovaviVideoEditorPlusSetupC.exe 2018-07-24 17:05 - 2018-07-24 17:05 - 007364608 _____ C:\Users\ACER\Downloads\WindowsMovieMaker_Web_Rus_Setup.msi 2018-07-20 19:19 - 2018-07-20 19:19 - 000999416 _____ (YANDEX LLC) C:\Users\ACER\Downloads\Yandex (3).exe 2018-07-17 21:58 - 2018-08-13 11:46 - 000000000 ____D C:\Users\ACER\AppData\Local\AVAST Software 2018-07-17 16:48 - 2018-08-15 20:00 - 000000000 ____D C:\мосэнерго 2018-07-17 15:23 - 2018-07-17 15:23 - 000999416 _____ (YANDEX LLC) C:\Users\ACER\Downloads\Yandex (2).exe 2018-07-17 
11:37 - 2018-08-08 22:02 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software 2018-07-12 14:23 - 2018-07-12 14:23 - 000031744 _____ C:\Users\ACER\Downloads\378 от 11.07.2018, Виктория.xls 2018-07-12 14:23 - 2018-07-12 14:23 - 000031744 _____ C:\Users\ACER\Downloads\288 от 13.06.2018, ВИКТОРИЯ.xls 2018-07-12 11:21 - 2018-07-12 11:21 - 004635588 _____ C:\Users\ACER\Downloads\ПРЕДЛОЖЕНИЕ ДЛЯ ТУРАГЕНТСТВ ХАТА ШЕРЕМЕТЬЕВО (1) (1).pptx 2018-07-11 15:09 - 2018-07-11 15:09 - 004635588 _____ C:\Users\ACER\Downloads\ПРЕДЛОЖЕНИЕ ДЛЯ ТУРАГЕНТСТВ ХАТА ШЕРЕМЕТЬЕВО (1).pptx 2018-07-11 14:08 - 2018-06-13 19:23 - 000140992 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2018-07-11 14:08 - 2018-06-13 19:18 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2018-07-11 14:08 - 2018-06-08 16:05 - 002860032 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2018-07-11 14:08 - 2018-06-08 16:05 - 001602048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2018-07-11 14:08 - 2018-06-08 16:05 - 000783872 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2018-07-11 14:08 - 2018-06-08 16:05 - 000612352 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2018-07-11 14:08 - 2018-06-08 16:05 - 000470016 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2018-07-11 14:08 - 2018-06-08 16:05 - 000443392 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2018-07-11 14:08 - 2018-06-08 16:05 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2018-07-11 14:08 - 2018-06-08 16:05 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2018-07-10 19:14 - 2018-08-21 13:15 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2018-07-09 20:26 - 2018-07-09 20:27 - 005417069 _____ C:\Users\ACER\Documents\240p.h264.mp4.crdownload 2018-07-09 17:50 - 2018-07-09 17:50 - 006577152 _____ C:\Users\ACER\Downloads\Презентация 
Гостевого дома Солнечный г.Сухум (1).ppt 2018-07-09 16:52 - 2018-07-09 16:52 - 006577152 _____ C:\Users\ACER\Downloads\Презентация Гостевого дома Солнечный г.Сухум.ppt 2018-07-09 16:09 - 2018-07-09 17:58 - 000000000 ____D C:\Users\ACER\AppData\LocalLow\Temp 2018-07-09 16:09 - 2018-07-09 16:09 - 003239987 _____ C:\Users\ACER\Downloads\Презентация Комплекса Попов луг 2018.xps 2018-07-09 16:08 - 2018-07-09 16:08 - 012158464 _____ C:\Users\ACER\Downloads\Презентация Комплекса Попов луг 2018.ppt 2018-07-09 14:10 - 2018-07-09 14:10 - 000000000 _____ C:\Users\ACER\Documents\Предложение для ТО.txt 2018-07-06 12:18 - 2018-07-06 12:24 - 054478424 _____ C:\Users\ACER\Documents\c097bca2cea719eb830a33f7e6f_240.mp4 2018-07-05 17:03 - 2018-07-05 17:04 - 000001842 _____ C:\Users\ACER\Documents\Путеводитель по городу Линьи(临沂旅游指南).txt 2018-07-02 19:22 - 2018-07-02 19:22 - 000171805 _____ C:\Users\ACER\Documents\Eye to Eye, Cuckold Compilation - sexyatnextdoor.com - XVIDEOS.COM.html 2018-07-02 19:22 - 2018-07-02 19:22 - 000000000 ____D C:\Users\ACER\Documents\Eye to Eye, Cuckold Compilation - sexyatnextdoor.com - XVIDEOS.COM_files 2018-07-02 17:28 - 2018-07-02 17:28 - 000684536 _____ (YANDEX LLC) C:\Users\ACER\Downloads\Yandex (1).exe 2018-06-29 11:52 - 2018-06-29 11:52 - 001779248 _____ C:\{8ECFBB4C-B2A5-4C9E-97F3-0BECAE0530BF} 2018-06-27 15:16 - 2018-06-27 15:16 - 000006664 _____ C:\Users\ACER\Downloads\Виктория Тинькофф.txt 2018-06-27 11:27 - 2018-06-27 11:27 - 000000000 ____D C:\Users\ACER\AppData\Local\CEF 2018-06-27 11:17 - 2018-06-27 11:17 - 000000000 ____D C:\Program Files\Common Files\AVAST Software 2018-06-27 11:08 - 2018-07-13 12:18 - 000046508 _____ C:\Users\ACER\Downloads\Addition.txt 2018-06-27 10:57 - 2018-08-21 14:08 - 000033318 _____ C:\Users\ACER\Downloads\FRST.txt 2018-06-27 10:56 - 2018-08-21 14:02 - 000000000 ____D C:\Users\ACER\Downloads\FRST-OlderVersion 2018-06-26 14:55 - 2018-06-26 14:55 - 000684536 _____ (YANDEX LLC) C:\Users\ACER\Downloads\Yandex.exe 
2018-06-26 12:12 - 2018-06-26 12:12 - 000001902 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-06-26 12:12 - 2018-06-26 12:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-06-26 12:11 - 2018-07-10 19:12 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2018-06-19 20:35 - 2018-06-19 20:35 - 000002062 _____ C:\Users\Public\Desktop\Приобретение расходных материалов HP.lnk 2018-06-19 20:35 - 2018-06-19 20:35 - 000000000 ____D C:\Users\Все пользователи\HPSSUPPLY 2018-06-19 20:35 - 2018-06-19 20:35 - 000000000 ____D C:\ProgramData\HPSSUPPLY 2018-06-19 20:24 - 2018-06-19 20:24 - 000000000 ____D C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP 2018-06-19 20:23 - 2018-06-19 20:23 - 000000000 ____D C:\Program Files\Avago-HP 2018-06-19 20:16 - 2010-06-29 15:22 - 000403968 _____ (Software 2000 Limited) C:\Windows\system32\HP1006LM.DLL 2018-06-19 20:16 - 2010-01-13 12:43 - 000080399 _____ C:\Windows\system32\WRes1200.txt 2018-06-19 20:16 - 2010-01-13 12:43 - 000001071 _____ C:\Windows\system32\W600dpi.txt 2018-06-19 20:16 - 2010-01-13 12:42 - 000080399 _____ C:\Windows\system32\HRes600.txt 2018-06-19 20:16 - 2010-01-13 12:42 - 000080399 _____ C:\Windows\system32\HRes1200.txt 2018-06-19 20:16 - 2010-01-13 12:41 - 000064512 _____ C:\Windows\system32\HPPLVS.dll 2018-06-19 20:13 - 2018-06-19 20:14 - 000000000 ___HD C:\Program Files (x86)\Avago-HP 2018-06-19 19:54 - 2018-06-19 19:56 - 000000000 __SHD C:\Users\ACER\AppData\Roaming\.# 2018-06-15 20:56 - 2018-08-21 14:02 - 000000000 ____D C:\FRST 2018-06-15 20:56 - 2018-07-13 12:21 - 000003740 _____ C:\Users\ACER\Downloads\Fixlog.txt 2018-06-15 20:53 - 2018-06-15 20:53 - 000001274 _____ C:\Users\ACER\Documents\fixlist.txt 2018-06-14 18:45 - 2018-06-14 18:45 - 000000000 ____D C:\Users\ACER\Documents\Updater 2018-06-13 13:29 - 2018-08-21 14:02 - 002413056 _____ (Farbar) C:\Users\ACER\Downloads\FRST64.exe 2018-06-13 11:23 - 2018-06-13 11:23 - 
000004816 _____ C:\{D6E1AAC6-4194-4901-A2B3-7798A89D9323} 2018-05-29 12:44 - 2018-05-29 12:44 - 000000000 ____D C:\Users\ACER\Desktop\Новая папка 2018-05-28 20:03 - 2018-05-28 20:03 - 000000000 ____D C:\Users\Все пользователи\Doctor Web 2018-05-28 20:03 - 2018-05-28 20:03 - 000000000 ____D C:\ProgramData\Doctor Web ==================== Three Months Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-08-21 14:08 - 2012-08-29 09:53 - 000000000 ____D C:\Users\ACER\AppData\Roaming\uTorrent 2018-08-21 14:05 - 2017-11-02 18:59 - 000000068 __RSH C:\Windows\system32\Drivers\usbvideo.winsecurity 2018-08-21 13:59 - 2018-04-17 13:25 - 000000000 ____D C:\Users\ACER\AppData\LocalLow\uTorrent 2018-08-21 13:59 - 2016-03-15 10:03 - 000000000 ____D C:\Users\ACER\LiveTex 2018-08-21 13:59 - 2012-08-29 21:38 - 000110456 _____ C:\Users\ACER\AppData\Local\GDIPFONTCACHEV1.DAT 2018-08-21 13:59 - 2012-08-27 13:15 - 000000000 ____D C:\Users\ACER 2018-08-21 13:58 - 2018-04-27 18:08 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2018-08-21 13:58 - 2018-02-19 12:59 - 000003408 _____ C:\Windows\System32\Tasks\Обновление Браузера Яндекс 2018-08-21 13:58 - 2018-02-19 12:59 - 000000424 _____ C:\Windows\Tasks\Обновление Браузера Яндекс.job 2018-08-21 13:58 - 2016-08-22 12:52 - 000000468 _____ C:\Windows\Tasks\Системное обновление Браузера Яндекс.job 2018-08-21 13:57 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-08-21 13:57 - 2009-07-14 07:45 - 000419632 _____ C:\Windows\system32\FNTCACHE.DAT 2018-08-21 13:55 - 2017-11-02 18:59 - 000000068 __RSH C:\Windows\system32\Drivers\vwififlt.winsecurity 2018-08-21 13:54 - 2017-02-21 11:56 - 000000000 ____D C:\Users\Все пользователи\TEMP 2018-08-21 13:54 - 2017-02-21 11:56 - 000000000 ____D C:\ProgramData\TEMP 2018-08-21 13:53 - 2018-03-16 13:50 - 000000000 ____D C:\Договора 2018-08-21 13:51 - 2015-10-02 13:52 - 000000000 ____D C:\Дима 2018-08-21 13:41 - 2015-09-30 18:13 - 
000000000 ____D C:\2015 2018-08-21 13:16 - 2017-02-21 12:01 - 000000000 ____D C:\Users\ACER\AppData\Roaming\WebMoney 2018-08-21 13:12 - 2012-08-27 18:15 - 000000000 ____D C:\Users\ACER\AppData\Roaming\Adobe 2018-08-21 12:46 - 2009-07-14 07:45 - 000022560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-08-21 12:46 - 2009-07-14 07:45 - 000022560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-08-20 13:25 - 2018-02-20 12:45 - 000000000 ____D C:\2018 2018-08-20 13:19 - 2017-02-09 20:43 - 000000000 ____D C:\Program Files\Opera 2018-08-20 13:05 - 2017-07-25 12:17 - 000365056 ____H C:\Users\ACER\Documents\~WRL1472.tmp 2018-08-20 12:59 - 2011-04-12 16:26 - 000759476 _____ C:\Windows\system32\perfh019.dat 2018-08-20 12:59 - 2011-04-12 16:26 - 000164826 _____ C:\Windows\system32\perfc019.dat 2018-08-20 12:59 - 2009-07-14 08:13 - 001737672 _____ C:\Windows\system32\PerfStringBackup.INI 2018-08-20 12:59 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf 2018-08-20 12:57 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\NDF 2018-08-20 12:10 - 2015-08-05 15:47 - 000000000 ____D C:\Users\ACER\Desktop\Рабочий стол 2018-08-16 20:29 - 2017-01-20 14:53 - 000122368 _____ C:\Users\ACER\Documents\Дача Винтера 2017.xlsx 2018-08-16 12:50 - 2016-02-26 16:52 - 000000000 ____D C:\Users\ACER\AppData\Local\GHISLER 2018-08-15 13:48 - 2013-08-31 21:25 - 000000000 ____D C:\Windows\system32\MRT 2018-08-15 13:35 - 2013-02-26 16:57 - 137343192 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2018-08-15 13:17 - 2012-08-27 15:00 - 001712658 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2018-08-14 19:14 - 2017-02-08 19:15 - 000000000 ____D C:\Users\Все пользователи\AVAST Software 2018-08-14 19:14 - 2017-02-08 19:15 - 000000000 ____D C:\ProgramData\AVAST Software 2018-08-14 16:57 - 2017-07-12 14:57 - 000004536 _____ C:\Windows\System32\Tasks\Adobe Flash Player 
PPAPI Notifier 2018-08-14 16:57 - 2016-11-28 16:22 - 000004378 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2018-08-14 16:57 - 2016-11-28 16:21 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2018-08-14 16:57 - 2016-11-28 16:21 - 000000000 ____D C:\Windows\system32\Macromed 2018-08-14 16:57 - 2012-08-27 15:30 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2018-08-14 16:57 - 2012-08-27 15:30 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2018-08-14 15:57 - 2018-03-14 12:59 - 000004524 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier 2018-08-13 17:48 - 2017-02-28 15:17 - 000000000 ____D C:\viktur 2018-08-12 15:10 - 2017-07-25 12:17 - 000401408 ____H C:\Users\ACER\Documents\~WRL2980.tmp 2018-08-10 21:05 - 2018-05-22 14:59 - 000000000 ____D C:\Тинькофф 2018-08-10 15:43 - 2017-02-09 20:45 - 000003862 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1486662274 2018-08-10 13:38 - 2018-02-20 16:21 - 000000000 ____D C:\Музыка 2018-08-08 22:14 - 2017-06-28 16:41 - 000002928 _____ C:\Windows\System32\Tasks\{CD8F4E8B-1162-4B2A-B9CC-F309C05A58F1} 2018-08-08 22:14 - 2017-06-07 16:50 - 000003120 _____ C:\Windows\System32\Tasks\{F6FA5971-0EA5-46A0-8C20-2F0F74908D27} 2018-08-08 22:14 - 2016-09-19 10:07 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2018-08-08 22:14 - 2012-08-27 15:41 - 000002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2018-08-08 20:53 - 2017-03-14 11:03 - 000000000 ____D C:\сводные туры 2018-08-08 19:55 - 2013-02-26 17:38 - 000000000 ____D C:\Users\ACER\AppData\Local\ElevatedDiagnostics 2018-08-08 14:07 - 2012-08-30 13:48 - 000000000 ____D C:\Users\ACER\AppData\Roaming\Media Player Classic 2018-08-08 14:02 - 2016-11-28 09:58 - 000000000 ____D C:\Users\ACER\AppData\LocalLow\Mozilla 2018-08-07 18:25 - 2017-06-09 11:34 - 000000000 ____D C:\оригиналы 2018-08-07 13:40 - 2017-07-25 12:17 - 000411648 ____H 
C:\Users\ACER\Documents\~WRL1555.tmp 2018-08-03 16:48 - 2015-10-14 17:42 - 000000000 ____D C:\Ссылки по регионам 2018-08-01 21:55 - 2017-07-25 12:17 - 000495104 ____H C:\Users\ACER\Documents\~WRL0098.tmp 2018-07-31 17:27 - 2016-05-13 10:39 - 000000000 ____D C:\Users\Все пользователи\Package Cache 2018-07-31 17:27 - 2016-05-13 10:39 - 000000000 ____D C:\ProgramData\Package Cache 2018-07-27 18:37 - 2016-01-21 19:10 - 000000000 ____D C:\Users\ACER\Documents\sape 2018-07-24 18:55 - 2018-05-16 15:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-07-24 18:55 - 2018-05-16 15:13 - 000000000 ____D C:\Program Files\Mozilla Firefox 2018-07-24 18:47 - 2017-07-25 12:17 - 000511488 ____H C:\Users\ACER\Documents\~WRL1418.tmp ==================== Files in the root of some directories ======= 2017-02-28 15:41 - 2017-02-28 15:41 - 000000265 _____ () C:\ProgramData\fontcacheev1.dat 2017-02-28 15:41 - 2017-02-28 15:41 - 000000265 _____ () C:\Users\Все пользователи\fontcacheev1.dat 2016-12-01 16:35 - 2017-03-31 10:07 - 000306688 _____ () C:\Users\ACER\AppData\Roaming\c731200 2018-04-23 13:12 - 2018-04-23 13:12 - 000000000 ____H () C:\Users\ACER\AppData\Local\BIT2B85.tmp 2018-04-26 17:18 - 2018-04-26 17:18 - 000140800 _____ () C:\Users\ACER\AppData\Local\installer.dat 2018-02-21 19:00 - 2018-02-21 19:00 - 000000000 _____ () C:\Users\ACER\AppData\Local\{19C4536A-776B-47FB-AC2C-EE2541E44476} 2018-02-21 19:00 - 2018-02-21 19:00 - 000000000 _____ () C:\Users\ACER\AppData\Local\{3DC34B03-F1AF-47FE-84A0-8535749D3793} 2018-04-23 13:11 - 2018-04-23 13:11 - 000000000 _____ () C:\Users\ACER\AppData\Local\{85937CB3-0B4C-486A-9891-ED84464B0B4B} ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Диспетчер загрузки Windows
--------------------
идентификатор {bootmgr}
device partition=\Device\HarddiskVolume2
description Windows Boot Manager
locale ru-RU
inherit {globalsettings}
default {current}
resumeobject {d90635ff-cb5e-11de-9e71-c0138c704753}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Загрузка Windows
-------------------
идентификатор {d90635fd-cb5e-11de-9e71-c0138c704753}
device ramdisk=[C:]\Recovery\d90635fd-cb5e-11de-9e71-c0138c704753\Winre.wim,{d90635fe-cb5e-11de-9e71-c0138c704753}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\d90635fd-cb5e-11de-9e71-c0138c704753\Winre.wim,{d90635fe-cb5e-11de-9e71-c0138c704753}
systemroot \windows
nx OptIn
winpe Yes

Загрузка Windows
-------------------
идентификатор {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale ru-RU
inherit {bootloadersettings}
recoverysequence {d9063601-cb5e-11de-9e71-c0138c704753}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {d90635ff-cb5e-11de-9e71-c0138c704753}
nx OptIn

Загрузка Windows
-------------------
идентификатор {d9063601-cb5e-11de-9e71-c0138c704753}
device ramdisk=[C:]\Recovery\d9063601-cb5e-11de-9e71-c0138c704753\Winre.wim,{d9063602-cb5e-11de-9e71-c0138c704753}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\d9063601-cb5e-11de-9e71-c0138c704753\Winre.wim,{d9063602-cb5e-11de-9e71-c0138c704753}
systemroot \windows
nx OptIn
winpe Yes

Выход из режима гибернации
--------------------------
идентификатор {d90635ff-cb5e-11de-9e71-c0138c704753}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale ru-RU
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Проверка памяти Windows
---------------------
идентификатор {memdiag}
device partition=\Device\HarddiskVolume2
path \boot\memtest.exe
description Диагностика памяти
locale ru-RU
inherit {globalsettings}
badmemoryaccess Yes

Параметры EMS
-------------
идентификатор {emssettings}
bootems Yes

Параметры отладчика
-------------------
идентификатор {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

Дефекты ОЗУ
-----------
идентификатор {badmemory}

Глобальные параметры
--------------------
идентификатор {globalsettings}
inherit {dbgsettings} {emssettings} {badmemory}

Параметры загрузчика
--------------------
идентификатор {bootloadersettings}
inherit {globalsettings} {hypervisorsettings}

Параметры гипервизора
-------------------
идентификатор {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Параметры загрузчика восстановления
-----------------------------------
идентификатор {resumeloadersettings}
inherit {globalsettings}

Параметры устройств
-------------------
идентификатор {d90635fe-cb5e-11de-9e71-c0138c704753}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\d90635fd-cb5e-11de-9e71-c0138c704753\boot.sdi

Параметры устройств
-------------------
идентификатор {d9063602-cb5e-11de-9e71-c0138c704753}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\d9063601-cb5e-11de-9e71-c0138c704753\boot.sdi

LastRegBack: 2018-08-16 00:25

==================== End of FRST.txt ============================