Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-04-2016 Ran by СЕКР (administrator) on BUH (14-04-2016 16:26:23) Running from D:\АРХИВ КОМП\Загрузки\AutoLogger Loaded Profiles: СЕКР (Available Profiles: СЕКР) Platform: Microsoft Windows 7 Максимальная (X86) Language: Русский (Россия) Internet Explorer Version 8 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (FirebirdSQL Project) C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe () C:\ProgramData\DatacardService\HWDeviceService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe () C:\ProgramData\MegaFon Modem\OnlineUpdate\ouc.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe () C:\Program Files\MegaFon Modem\MegaFon Modem.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (FirebirdSQL Project) C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Tensor Company Ltd) C:\Users\СЕКР\AppData\Roaming\SbisLauncher\Launcher.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111312 2015-11-09] (AVAST Software) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-14] (Adobe Systems Incorporated) HKU\S-1-5-21-2868252174-1540766134-1988227909-1000\...\Run: [Sbis Launcher] => C:\Users\СЕКР\AppData\Roaming\SbisLauncher\Launcher.exe [429176 2016-04-13] (Tensor Company Ltd) HKU\S-1-5-21-2868252174-1540766134-1988227909-1000\...\Run: [SbisLoader] => C:\СБиС++ Документооборот\Мониторинг\SbisMon.exe [15944 2015-06-23] () HKU\S-1-5-21-2868252174-1540766134-1988227909-1000\...\MountPoints2: {032fc894-6728-11e5-9233-c86000be0956} - G:\AutoRun.exe HKU\S-1-5-21-2868252174-1540766134-1988227909-1000\...\MountPoints2: {032fc8a3-6728-11e5-9233-c86000be0956} - G:\AutoRun.exe HKU\S-1-5-21-2868252174-1540766134-1988227909-1000\...\MountPoints2: {0e954dd5-6748-11e5-a4cb-c86000be0956} - G:\AutoRun.exe HKU\S-1-5-21-2868252174-1540766134-1988227909-1000\...\MountPoints2: {0e954de4-6748-11e5-a4cb-c86000be0956} - G:\AutoRun.exe HKU\S-1-5-21-2868252174-1540766134-1988227909-1000\...\MountPoints2: {0e954e0f-6748-11e5-a4cb-c86000be0956} - G:\AutoRun.exe HKU\S-1-5-21-2868252174-1540766134-1988227909-1000\...\MountPoints2: {0e954e18-6748-11e5-a4cb-c86000be0956} - G:\AutoRun.exe HKU\S-1-5-21-2868252174-1540766134-1988227909-1000\...\MountPoints2: {20828832-6764-11e5-877c-001e101fa1f5} - G:\AutoRun.exe HKU\S-1-5-21-2868252174-1540766134-1988227909-1000\...\MountPoints2: {3df68af0-6745-11e5-a8d7-c86000be0956} - G:\AutoRun.exe HKU\S-1-5-21-2868252174-1540766134-1988227909-1000\...\MountPoints2: {3df68b01-6745-11e5-a8d7-c86000be0956} - G:\AutoRun.exe HKU\S-1-5-21-2868252174-1540766134-1988227909-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\СЕКР\AppData\Local\Unmedia\UniMap_x86.dll ATTENTION ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-14] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-04] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ATTENTION: There are more than 99 Catalog9 entries. Turn off the whitelisting to see all the entries. You may check Device Manager for presence of unusual amount of "Microsoft 6to4 Adapter" devices. Hosts: 0.0.0.1 mssplus.mcafee.com Tcpip\..\Interfaces\{75A304ED-8BAA-49B8-BF18-38BC980469EE}: [DhcpNameServer] 192.168.5.1 Tcpip\..\Interfaces\{97AF8C52-4F4C-4C9C-9671-D100EE0EAC98}: [NameServer] 10.77.48.33 10.77.48.49 Tcpip\..\Interfaces\{A037D517-1F18-480E-A7CA-1DC3C8B60432}: [NameServer] 10.77.48.33 10.77.48.49 Tcpip\..\Interfaces\{B04BC887-18C3-43E6-89DB-E1DEB6BE836E}: [NameServer] 10.77.48.33 10.77.48.49 Internet Explorer: ================== HKU\S-1-5-21-2868252174-1540766134-1988227909-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yandex.ru/ URLSearchHook: [S-1-5-21-2868252174-1540766134-1988227909-1000] ATTENTION => Default URLSearchHook is missing SearchScopes: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb SearchScopes: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-24] (Oracle Corporation) BHO: No Name -> {8984B388-A5BB-4DF7-B274-77B879E179DB} -> No File BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-14] (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-24] (Oracle Corporation) Toolbar: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000 -> No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File DPF: {77E06B43-DAE7-44C8-A17E-142F018E412C} hxxps://bco.vtb24.ru/Content/mesproax.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\СЕКР\AppData\Roaming\Mozilla\Firefox\Profiles\eyexhsne.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Windows\system32\C2MP\npdivx32.dll [2009-05-12] (DivX,Inc.) FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-24] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-24] (Oracle Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2868252174-1540766134-1988227909-1000: @tensor.ru/SbisPluginClient,version=1.0.0 -> C:\Users\СЕКР\AppData\Roaming\SbisLauncher\Plugins\SbisPluginClient\npSbisPluginClient.dll [2015-02-20] () FF user.js: detected! => C:\Users\СЕКР\AppData\Roaming\Mozilla\Firefox\Profiles\eyexhsne.default\user.js [2016-04-13] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-11] Chrome: ======= CHR Profile: C:\Users\СЕКР\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-14] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-14] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-08-14] (Avast Software) R2 cpcsp1; C:\Program Files\Crypto Pro\CSP\cpcspi.dll [639344 2012-12-06] (Компания КРИПТО-ПРО) S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-14] (Корпорация Майкрософт) R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe [81920 2008-12-11] (FirebirdSQL Project) [File not signed] R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [2043904 2008-12-11] (FirebirdSQL Project) [File not signed] R2 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.) R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [239880 2016-03-11] (McAfee, Inc.) S2 MegaFon Modem. RunOuc; C:\Program Files\MegaFon Modem\UpdateDog\ouc.exe [240640 2015-09-30] () [File not signed] R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [365056 2012-08-07] (SafeNet Inc.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-14] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-14] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-08-14] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-14] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [794952 2015-11-09] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [435464 2015-11-09] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [113592 2015-08-14] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-14] (AVAST Software) R1 CProCtrl; C:\Windows\System32\DRIVERS\CProCtrl.sys [65864 2012-12-04] (Компания КРИПТО-ПРО) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [605128 2012-09-27] (SafeNet Inc.) R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78416 2009-07-14] (Корпорация Майкрософт) R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-08-14] (AVAST Software) R3 RTIFDH; C:\Windows\System32\DRIVERS\rtIFDH.sys [13312 2012-02-27] (Компания "Актив") S3 uti4otc0; C:\Windows\system32\Drivers\uti4otc0.sys [7168 2016-04-14] () [File not signed] R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-08-14] (Avast Software) R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] (Корпорация Майкрософт) ========================== Drivers MD5 ======================= C:\Windows\system32\DRIVERS\1394ohci.sys 6D2ACA41739BFE8CB86EE8E85F29697D C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit C:\Windows\system32\drivers\afd.sys DDC040FDB01EF1712A6B13E52AFB104C C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit C:\Windows\system32\drivers\aksfridge.sys C6397472A8788505FB23C85441837978 C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdagp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdsata.sys 2101A86C25C154F8314B24EF49D7FBC2 C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\amdxata.sys B81C2B5616F6420A9941EA093A92B150 C:\Windows\system32\drivers\appid.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit C:\Windows\system32\drivers\aswHwid.sys D358A8946FC76F9B8564CB424A4D6921 C:\Windows\system32\drivers\aswMonFlt.sys 4121974453BB7B823CB0519539995A7A C:\Windows\system32\drivers\aswRdr2.sys EA36346304039B5160E6A365FCA099CB C:\Windows\system32\Drivers\aswRvrt.sys 02E5376D5EDFC3869DF9B459AD006949 C:\Windows\system32\drivers\aswSnx.sys 8EDBD7804545A3E25B98BB1BB9A269F6 C:\Windows\system32\drivers\aswSP.sys 9C24AE55599F7E3E484ECFB8F90554BB C:\Windows\system32\drivers\aswStm.sys 2A4FDC85161C0BCA50F4489F7DC91ADB C:\Windows\system32\Drivers\aswVmm.sys 8B31DFB7A3BFB59A40086E6749D0AF95 C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit C:\Windows\system32\Drivers\Beep.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bowser.sys FCAFAEF6798D7B51FF029F99A9898961 C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit C:\Windows\System32\CLFS.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit C:\Windows\System32\Drivers\cng.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CProCtrl.sys 6C8B3991AC73FE8EA04D7F463B030CD6 C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit C:\Windows\System32\drivers\csc.sys ==> MD5 is legit C:\Windows\System32\Drivers\dfsc.sys 8E09E52EE2E3CEB199EF3DD99CF9E3FB C:\Windows\System32\drivers\discache.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit C:\Windows\System32\drivers\dxgkrnl.sys 39806CFEDDCC55E686A49BCCD2972F23 C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ewusbwwan.sys D54AD002B278AD8A629B74F60FEA36F1 C:\Windows\System32\DRIVERS\ew_hwusbdev.sys 57C171EA22F0A7F068FCB0CAEDD1E8E7 C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys 61A973F60E94A551BA7B15F3460444FB C:\Windows\system32\Drivers\exfat.sys ==> MD5 is legit C:\Windows\system32\Drivers\fastfat.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legitB C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit C:\Windows\system32\Drivers\Fs_Rec.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\fvevol.sys 5592F5DBA26282D24D2B080EB438A4D7 C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit C:\Windows\system32\drivers\hardlock.sys 3D6F9920F74FF2BD81EBAAAA7247969C C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ew_jubusenum.sys 2AEB89AEAC08ECD23FC0DA3EB4330A29 C:\Windows\System32\DRIVERS\ewusbmdm.sys D276036EBE90A3A2E94AA59C73967F79 C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\iaStorV.sys 934AF4D7C5F457B9F0743F4299B77B67 C:\Windows\System32\DRIVERS\igdkmd32.sys 38B33E6570D3D399C63CCCFB2F73C30F C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\kbdhid.sys ==> MD5 is legit C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit C:\Windows\System32\Drivers\ksecpkg.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mrxsmb.sys F4A054BE78AF7F410129C4B64B07DC9B C:\Windows\System32\DRIVERS\mrxsmb10.sys DEFFA295BD1895C6ED8E3078412AC60B C:\Windows\System32\DRIVERS\mrxsmb20.sys 24D76ABE5DCAD22F19D105F76FDF0CE1 C:\Windows\system32\DRIVERS\msahci.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit C:\Windows\system32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\system32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\system32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit C:\Windows\system32\Drivers\ngvss.sys DE112A8B8E5ADC26E83791FFF6832B17 C:\Windows\system32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\system32\Drivers\Ntfs.sys 3795DCD21F740EE799FB7223234215AF C:\Windows\system32\Drivers\Null.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\nvraid.sys 3F3D04B1D08D43C16EA7963954EC768D C:\Windows\system32\DRIVERS\nvstor.sys C99F251A5DE63C6F129CF71933ACED0F C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pci.sys C858CB77C577780ECC456A892E7E7D0F C:\Windows\System32\DRIVERS\pciide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys 835D7E81BF517A3B72384BDCC85E1CE6 C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys 1E016846895B15A99F9A176A05029075 C:\Windows\System32\drivers\rdpdr.sys C5FF95883FFEF704D50C40D21CFB3AB5 C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\system32\Drivers\RDPWD.sys 801371BA9782282892D00AADB08EE367 C:\Windows\System32\drivers\rdyboost.sys 4EA225BF1CF05E158853F30A99CA29A7 C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rtIFDH.sys 6C5BAB6BE480D966A3904D8BF12AA3AC C:\Windows\System32\DRIVERS\Rt86win7.sys 6A2586DCB5B04A52404699EB325DF1DB C:\Windows\system32\DRIVERS\vms3cap.sys 5423D8437051E89DD34749F242C98648 C:\Windows\system32\DRIVERS\sbp2port.sys 34EE0C44B724E3E4CE2EFF29126DE5B5 C:\Windows\System32\DRIVERS\scfilter.sys A95C54B2AC3CC9C73FCDF9E51A1D6B51 C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sffp_sd.sys 4F1E5B0FE7C8050668DBFADE8999AEFB C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sisagp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\system32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys 2BA4EBC7DFBA845A1EDBE1F75913BE33 C:\Windows\System32\DRIVERS\srv2.sys DCE7E10FEAABD4CAE95948B3DE5340BB C:\Windows\System32\DRIVERS\srvnet.sys B5665BAA2120B8A54E22E9CD07C05106 C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vmstorfl.sys 957E346CA948668F2496A6CCF6FF82CC C:\Windows\system32\DRIVERS\storvsc.sys D5751969DC3E4B88BF482AC8EC9FE019 C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit C:\Windows\System32\drivers\tcpip.sys 2CC3D75488ABD3EC628BBB9A4FC84EFC C:\Windows\System32\DRIVERS\tcpip.sys 2CC3D75488ABD3EC628BBB9A4FC84EFC C:\Windows\System32\drivers\tcpipreg.sys E64444523ADD154F86567C469BC0B17F C:\Windows\System32\drivers\tdpipe.sys 1875C1490D99E70E449E3AFAE9FCBADF C:\Windows\System32\drivers\tdtcp.sys 7551E91EA999EE9A8E9C331D5A9C31F3 C:\Windows\System32\DRIVERS\tdx.sys CB39E896A2A83702D1737BFD402B3542 C:\Windows\System32\DRIVERS\termdd.sys C36F41EE20E6999DBF4B0425963268A5 C:\Windows\System32\DRIVERS\tssecsrv.sys 98AE6FA07D12CB4EC5CF4A9BFA5F4242 C:\Windows\System32\DRIVERS\tunnel.sys 3E461D890A97F9D4C168F5FDA36E1D00 C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys 09CC3E16F8E5EE7168E01CF8FCBE061A C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys 049B3A50B3D646BAEEEE9EEC9B0668DC C:\Windows\System32\DRIVERS\umpass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbccgp.sys 8455C4ED038EFD09E99327F9D2D48FFA C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbehci.sys 1C333BFD60F2FED2C7AD5DAF533CB742 C:\Windows\System32\DRIVERS\usbhub.sys EE6EF93CCFA94FAE8C6AB298273D8AE2 C:\Windows\system32\DRIVERS\usbohci.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\USBSTOR.SYS D8889D56E0D27E57ED4591837FE71D27 C:\Windows\system32\DRIVERS\usbuhci.sys ==> MD5 is legit C:\Windows\system32\Drivers\uti4otc0.sys 524D8D450622DB4A7875B111C299A76B C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys 53D2D97E86482E0BF46462D9DCFEEC9D C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\vhdmp.sys 3BE6E1F3A4F1AFEC8CEE0D7883F93583 C:\Windows\system32\DRIVERS\viaagp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\vmbus.sys 379B349F65F453D2A6E75EA6B7448E49 C:\Windows\system32\DRIVERS\VMBusHID.sys EC2BBAB4B84D0738C6C83D2234DC36FE C:\Windows\System32\DRIVERS\volmgr.sys 384E5A2AA49934295171E499F86BA6F3 C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\volsnap.sys 58DF9D2481A56EDDE167E51B334D44FD C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys 692A712062146E96D28BA0B7D75DE31B C:\Windows\System32\DRIVERS\wanarp.sys 692A712062146E96D28BA0B7D75DE31B C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WinUSB.sys 30FC6E5448D0CBAAA95280EEEF7FEDAE C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys 6F9B6C0C93232CFF47D0F72D6DB1D21E C:\Windows\System32\DRIVERS\WUDFRd.sys F91FF1E51FCA30B3C3981DB7D5924252 ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-04-14 16:22 - 2016-04-14 16:26 - 00000000 ____D C:\FRST 2016-04-14 16:19 - 2016-04-14 16:21 - 01725952 _____ (Farbar) C:\Users\СЕКР\Downloads\FRST.exe 2016-04-14 13:33 - 2016-04-14 13:39 - 00007168 _____ C:\Windows\system32\Drivers\uti4otc0.sys 2016-04-14 09:19 - 2016-04-14 09:19 - 248427585 _____ C:\Windows\MEMORY.DMP 2016-04-14 09:19 - 2016-04-14 09:19 - 00131072 _____ C:\Windows\Minidump\041416-29952-01.dmp 2016-04-14 08:40 - 2016-04-14 13:28 - 11854364 _____ C:\Users\СЕКР\Downloads\AutoLogger.zip 2016-04-14 08:39 - 2016-04-14 08:39 - 00000084 _____ C:\Users\СЕКР\Downloads\OsZone.txt 2016-04-14 08:31 - 2016-04-14 08:31 - 00016896 _____ C:\Users\СЕКР\Desktop\1304.xls 2016-04-14 08:28 - 2016-04-14 08:28 - 00015368 _____ C:\Users\СЕКР\Downloads\kl_to_1c.txt 2016-04-13 15:06 - 2016-04-13 15:18 - 00280432 _____ (Компания Тензор ) C:\Users\СЕКР\Downloads\sbis-setup-edo.exe.part 2016-04-13 14:27 - 2016-04-13 14:27 - 00006775 _____ C:\Users\СЕКР\Downloads\1c_to_kl.txt 2016-04-13 12:46 - 2016-04-13 12:46 - 00051684 _____ C:\Users\СЕКР\Desktop\ФК Партнер.pdf 2016-04-12 12:44 - 2016-04-12 16:55 - 30970380 _____ C:\RectorDecryptor.2.7.0.0_12.04.2016_12.44.45_log.txt 2016-04-12 12:40 - 2016-04-12 12:42 - 00002492 _____ C:\XoristDecryptor.2.4.0.0_12.04.2016_12.40.56_log.txt 2016-04-12 12:40 - 2014-12-08 11:49 - 00000000 _____ C:\Users\СЕКР\Documents\ЮГРЛ.decryptedKLR.pdf 2016-04-12 12:38 - 2016-04-12 12:40 - 00082360 _____ C:\RectorDecryptor.2.7.0.0_12.04.2016_12.38.24_log.txt 2016-04-12 12:34 - 2016-04-13 08:58 - 00000000 ____D C:\Users\СЕКР\Desktop\ФАЙЛЫ 2016-04-12 12:24 - 2016-04-12 12:34 - 02551414 _____ C:\RectorDecryptor.2.7.0.0_12.04.2016_12.24.14_log.txt 2016-04-12 12:19 - 2016-04-12 12:20 - 05101050 _____ C:\RectorDecryptor.2.7.0.0_12.04.2016_12.19.50_log.txt 2016-04-12 12:17 - 2016-04-12 12:19 - 01169974 _____ C:\XoristDecryptor.2.4.0.0_12.04.2016_12.17.49_log.txt 2016-04-12 12:14 - 2016-04-12 12:21 - 00000606 _____ C:\Users\СЕКР\Desktop\Установить Kaspersky Internet Security версии 16.0.0.614.lnk 2016-04-12 12:14 - 2016-04-12 12:17 - 05100888 _____ C:\RectorDecryptor.2.7.0.0_12.04.2016_12.14.30_log.txt 2016-04-12 12:14 - 2016-04-12 12:14 - 00000000 ____D C:\Users\Все пользователи\Kaspersky Lab Setup Files 2016-04-12 12:14 - 2016-04-12 12:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2016-04-12 11:39 - 2016-04-12 10:56 - 387095149 _____ C:\Users\СЕКР\Desktop\1Cv8.dt 2016-04-12 11:01 - 2016-04-12 11:01 - 00139208 _____ C:\Users\СЕКР\AppData\Local\GDIPFONTCACHEV1.DAT 2016-04-12 11:01 - 2016-04-12 11:01 - 00000020 ___SH C:\Users\СЕКР\ntuser.ini 2016-04-12 10:34 - 2016-04-14 08:10 - 00000000 ____D C:\Users\СЕКР\AppData\Local\Unmedia 2016-04-12 10:34 - 2016-04-14 07:55 - 00000000 ____D C:\Users\СЕКР\AppData\Local\Ilnsoft 2016-04-12 10:32 - 2016-04-12 10:32 - 03133494 _____ C:\Users\СЕКР\AppData\Roaming\D2C155A6D2C155A6.bmp 2016-04-12 09:43 - 2016-04-13 09:51 - 00000000 __SHD C:\Users\Все пользователи\Windows 2016-04-12 09:43 - 2016-04-13 09:51 - 00000000 __SHD C:\ProgramData\Windows 2016-04-12 09:17 - 2016-04-13 11:36 - 00000000 ____D C:\Program Files\Mozilla Firefox 2016-04-12 01:14 - 2016-04-12 01:14 - 00002390 _____ C:\Users\СЕКР\AppData\Roaming\OsseletStopoffSecrecy 2016-04-09 11:01 - 2016-04-09 11:01 - 00025600 _____ C:\Users\СЕКР\AppData\Roaming\snoots.dll 2016-04-04 14:52 - 2016-04-04 14:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2016-03-30 11:31 - 2016-04-12 10:05 - 00523424 _____ C:\Users\СЕКР\Downloads\z5oi5572O7PQHCEIir0S4M+nLtQk9PcxgbUkqxWAlWw=.D068EEF4380DA39AF394.better_call_saul 2016-03-28 10:14 - 2016-03-28 10:14 - 00000000 ____D C:\Program Files\gnivc 2016-03-28 10:11 - 2016-03-28 10:11 - 00000676 _____ C:\Users\Public\Desktop\CheckPfr.lnk 2016-03-28 10:11 - 2016-03-28 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CheckPfr ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-04-14 16:19 - 2009-07-14 08:34 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-04-14 16:19 - 2009-07-14 08:34 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-04-14 16:18 - 2013-07-23 11:49 - 01533604 _____ C:\Windows\system32\PerfStringBackup.INI 2016-04-14 16:18 - 2009-07-14 12:41 - 00683906 _____ C:\Windows\system32\perfh019.dat 2016-04-14 16:18 - 2009-07-14 12:41 - 00132474 _____ C:\Windows\system32\perfc019.dat 2016-04-14 16:18 - 2009-07-14 06:37 - 00000000 ____D C:\Windows\inf 2016-04-14 16:11 - 2009-07-14 08:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-04-14 16:11 - 2009-07-14 06:37 - 00000000 ____D C:\Windows\tracing 2016-04-14 16:07 - 2015-01-23 12:39 - 00000896 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-04-14 16:01 - 2014-07-08 11:13 - 00000000 ____D C:\Users\СЕКР\AppData\Roaming\SbisLauncher 2016-04-14 16:00 - 2015-12-30 09:10 - 00000000 ____D C:\Users\Все пользователи\SBISDisk 2016-04-14 16:00 - 2015-12-30 09:10 - 00000000 ____D C:\ProgramData\SBISDisk 2016-04-14 13:29 - 2013-09-19 08:52 - 00000000 ____D C:\Users\СЕКР\AppData\Roaming\WinRAR 2016-04-14 09:19 - 2014-06-26 08:52 - 00000000 ____D C:\Windows\Minidump 2016-04-13 11:36 - 2013-09-19 16:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2016-04-13 11:25 - 2009-07-14 06:37 - 00000000 ____D C:\Windows\system32\NDF 2016-04-13 09:56 - 2013-09-19 13:32 - 00000000 ____D C:\СБиС++ Документооборот 2016-04-13 09:55 - 2013-11-13 16:05 - 00000000 ____D C:\Users\СЕКР\ФСС 2016-04-12 11:01 - 2013-09-19 13:37 - 00000000 ____D C:\Users\СЕКР\AppData\Local\Sbis 2016-04-12 11:01 - 2013-07-23 11:44 - 00000000 ____D C:\Users\СЕКР 2016-04-12 10:32 - 2013-09-19 16:22 - 00000000 ____D C:\CheckXml 2016-04-12 10:31 - 2015-10-15 11:37 - 00053920 _____ C:\Users\СЕКР\beVHsygJz8MLiCoogH6AF-dtAGU-1ZbHgWNP2PUGZ5trWckbSCKbszuoH9cjDQFP.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:31 - 2015-04-14 08:12 - 00008576 _____ C:\Users\СЕКР\833bVWMx4WQJ6B-Nu0V8wQ==.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:31 - 2015-01-16 09:01 - 00098688 _____ C:\Users\СЕКР\zEX9RKtOKtkrgAe4GWxtrNs-xLTwbl61JkFhc2Q+mHnPiF6lmkD0VakCCJqkzXgCut1CEkZjpB0JkN5Mi1URhV00pWmj8oB-T+Rb6bMMeI7kIl+nWrftakGvo+jBgm3k.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:31 - 2015-01-15 14:30 - 00030144 _____ C:\Users\СЕКР\JLOpbcioedxMeyLXv0+jcgjPd6LhE5Tf4dHicm3oFE3m0fwMaStivzCyuE2bRPoY7fQiMCQExh-mDMg4A4MhHejq+9FRnXfBoYy8Jiw+7QYLujQLoQ12mJwTgA3dfQur.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:31 - 2014-12-30 12:08 - 00000560 ____H C:\Users\СЕКР\heABFeydXyEDGHKlFVjzT-c8ghabGr4N3B8UwlJPbtYPREdTb3RiB561SN1eqwb3-O4MfGVDIv9ArD7dfBIjrA==.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:31 - 2014-09-30 10:39 - 00035200 _____ C:\Users\СЕКР\nEN4WGrJH0SbSjjDXLu9dL8FHDpipUcKIOlecog9h722WdmI667jBXIN5ZMaijjd.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:31 - 2014-09-19 10:57 - 00027520 _____ C:\Users\СЕКР\Is+8PQG9xDw9bBuqM6Wh3i5safpiRC9tIKpeuUFWptQ=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:31 - 2014-09-16 10:34 - 00027008 _____ C:\Users\СЕКР\+1GDuo+9b1GOd1KUNxdJMHPMZ4E2Vl1Da8wS0xcpm+M=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:31 - 2014-09-16 10:34 - 00019328 _____ C:\Users\СЕКР\Nj0jwjDBd+b+zI2f6FG1iOdD+2JDM0Ojh6qpHCc0RPo=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:31 - 2014-04-17 14:45 - 21173408 ____H C:\Users\СЕКР\AppData\Local\LmuCgrgr8qu+Tti+vpiJ+8efju9fND0PmvBvTp2ZedM=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:31 - 2014-02-17 13:15 - 00192896 _____ C:\Users\СЕКР\dOm+pWCrkygWG5t0F7jtG0bqfvORdAhN5IpnGqMt7oC8HmjZZrrSlztEpv3sKdbC.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:31 - 2014-02-12 09:46 - 00020352 _____ C:\Users\СЕКР\aWnxSEjrE6tAI0sahwa+DcnbEgR-D1hNaFp2A8pv4kIhJGuSpPqwjLa0hNEBHl98.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:31 - 2013-11-13 16:05 - 00019328 _____ C:\Users\СЕКР\OR47P3mHLheZJjw6bmKo1CKYGoEOOuUr9EJaX6DRbcY1VS5lYVZbUWMzVBr6+JYT6SEWFXIYpOYZ0xizE5FbEA==.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:31 - 2013-09-19 08:45 - 00139600 _____ C:\Users\СЕКР\AppData\Local\38pSP0so+X-DBCEaGlj6bugiw283sdilpxGuWrdFmM7ikQkS4lOzd2+XqWhR0EWH.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:31 - 2013-07-23 11:44 - 00000416 ___SH C:\Users\СЕКР\wArnUQMRWswb79yvwDPIWA9YoE7v1X-5IlASRnIKAjo=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:15 - 2013-11-13 16:17 - 00033520 _____ C:\Users\СЕКР\AppData\Roaming\ITD9wzp4lVuONi921rAalIg4HrnN+WOE7LKQkPr1nTI=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:09 - 2015-09-30 11:15 - 00000000 ____D C:\Users\СЕКР\AppData\Roaming\MegaFon 2016-04-12 10:05 - 2016-03-10 09:46 - 00006096 _____ C:\Users\СЕКР\Downloads\b-uFolshuyEMQr3qg0wMmQ==.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2016-02-26 09:23 - 00017440 _____ C:\Users\СЕКР\Downloads\gIJHW+AhtH6h8xItz4RtzA==.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2016-01-20 17:37 - 00104320 _____ C:\Users\СЕКР\Documents\Rr66spnVzCdh9Gaqg15ubaZy0i6i3LhCzXymDjiPZ1vbxXYsFNFFwFnPIF05nKwXAp1UeJTMOIuNFvwedQsDhPZV0QwUZRR7ClK-BuSE+Fg=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2016-01-20 17:07 - 00086464 _____ C:\Users\СЕКР\Downloads\p0npOxLB+03mTkUAK62u+j+AoTb0mObcliClfjnpqCwiXxpaADUOawirse77La0J6pk6vgconJjWL1O4qiIIOg==.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2016-01-20 13:37 - 02031648 _____ C:\Users\СЕКР\Downloads\6XjasvV6NaXEwM2UnJObJw==.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-12-25 15:02 - 00040320 _____ C:\Users\СЕКР\Documents\wXxBDlGvpN81qalHgsDe+8GUKS9H7gemMf+5JWw3JMA=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-12-25 10:01 - 00014720 _____ C:\Users\СЕКР\Downloads\zgzLSoK2BEceQsmywhVU8kwP+0MWChtbtzt7e6cwcyA=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-12-14 10:47 - 00034176 _____ C:\Users\СЕКР\Downloads\u8PINS0F1by-jy8l4HoPCNMA7MHHxnZgrj9jM3muC64=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-12-11 13:58 - 00430608 _____ C:\Users\СЕКР\Downloads\c23tOA4ChRL-UDEOcwfTwVL6vQL9KlLn9wiJ0Uj1s8sTyvZmK-xX1xqPuAc-pIxWJEDlPt1rsemDMWNqYbWa-NsvS6fJOHYeJSfrEshtKvk=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-12-11 13:52 - 00430608 _____ C:\Users\СЕКР\Downloads\RKNFtxHW7ocQ1NChLSYALKbv0ldW054rtV-L76ULr-St7I5cjE+HYRfA3p8OFrjAlZEpvD2+fGmVd19d3VaakTsCgUE9vnYVSKh1nBV6jsI=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-12-10 12:48 - 00037248 _____ C:\Users\СЕКР\Downloads\H0NYTCiDZbwFDd6vM8rwxQC2xymWyD1Vu4F3bKOunQZQ+E9vOCsMNk7ORf8osHjq.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-12-10 12:26 - 00000000 ____D C:\Users\СЕКР\Documents\моя папка 2016-04-12 10:05 - 2015-11-27 14:43 - 00056192 _____ C:\Users\СЕКР\Documents\Организация в качестве подрядчика заключила договор подряда с физическим лицом.doc.los_pollos 2016-04-12 10:05 - 2015-11-24 15:37 - 00037760 _____ C:\Users\СЕКР\Documents\7vzk+z0+cL6kxt9fZe5LlMJjasRksQtYeSRY-dkGegQ=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-11-12 15:42 - 00086912 _____ C:\Users\СЕКР\Documents\CogHafKh4b+JLcxHFuyv-nC1NADB13AvKbQI95Q+vj+nFmw5GlZXoOEUH1hYmQlH.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-11-12 15:10 - 00034176 _____ C:\Users\СЕКР\Documents\3PIM6QypCbuuOrgOLvTTGU6SGiJdLGA6nnYRpIruJ9k=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-10-21 11:11 - 00070000 _____ C:\Users\СЕКР\Downloads\FJVsK6YJG51Rk3Bvym79sPlupiH5K6vRe0CAApSpkYU=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-10-20 16:41 - 00104320 _____ C:\Users\СЕКР\Documents\LAIBUudXN0ps2g6u2HF17tNMIWK087iOxlTbb4WCMmUBHxrbXuXq8ciZwresr8gfvf0zG2xpa9u3m441VgiYGw==.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-10-20 15:56 - 00317824 _____ C:\Users\СЕКР\Documents\A0d25x2dz19NJQXac8DA85J9AAz5mi59kpNe-fAFlJRBk-En-ZDIHFFkHXTkIfVU.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-10-16 11:29 - 00000400 _____ C:\Users\СЕКР\Documents\EED9vAUviJGVogW7rHxYYtC3VTfrSOrleNEyWoVk-uy+VFiIWuakBbdmGLwXZt0M.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-10-14 10:37 - 00401792 _____ C:\Users\СЕКР\Documents\69Pth2rTD4ujZs6SpFWz3T7cX2yruNnMxxqqmnpnoBU=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-10-01 16:49 - 00216896 _____ C:\Users\СЕКР\Downloads\sCk801YMm1HHAYQ9rOcOIWPH5feQ4+PFEQMZnVE-jGw=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-10-01 15:36 - 00312240 _____ C:\Users\СЕКР\Downloads\M9kKUKKleeDIO50681CdVpxXqbcEdrnERWMrbiBdgGD4OHFGIasM-ozZou9JvrLrukX7k0dThS5wjhBq1eubjny6IREcqqxQ5SfDErJbT5soYiFW3YVW7rJiKyval3wY.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-10-01 12:03 - 00663280 _____ C:\Users\СЕКР\Downloads\OwyqEx2wN3wwD8PZEmCj6A==.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-10-01 11:21 - 00256736 _____ C:\Users\СЕКР\Downloads\X200PX1161OOLGhkxn095GfdIrFHFyL-ZdpQmTwyCaQX4bKQGgy5WZMTJXt-23XIo7FeTTnAusBLIqg2QHn1VE5sLFH8PT31ONMEikJ0ER4=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-10-01 10:10 - 00034000 _____ C:\Users\СЕКР\Downloads\O+4Xfvw86uakSly1UdjrELBgd0MGL8Bcq9GoAS5ImyVAN4bbPZqEI5U4FmEEvjSF.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-10-01 10:07 - 00125728 _____ C:\Users\СЕКР\Downloads\j9ovmscciZzPNXjv9ceWwEHt7sWjR2h4jvxMA0njUKQIgoSZsl5KjeV74yKIplmbLboz60xZLU+4YEDFMQ35v5qmVA+wOChKsucsvIssD0Y=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-10-01 10:06 - 00125728 _____ C:\Users\СЕКР\Downloads\nrxjr5thK2-ciqaApZp5ca6H5b7cOQwPoQ6soV5WoyorepoYOz5AthwXoCx+L+ZXJaX33AI3H7R5u7BrD90Rz3Bb6qfaale0oThSyAmVCwE=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-09-23 08:44 - 00000000 ___RD C:\Users\СЕКР\Documents\Scanned Documents 2016-04-12 10:05 - 2015-08-31 16:47 - 00027008 _____ C:\Users\СЕКР\Documents\ricHDZ3tWXftbRr9Hx2Zu7EarhThYP2vDFLcVmOGSL997gOVe04qSBDMa4gG8Skk.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-08-19 11:51 - 00026496 _____ C:\Users\СЕКР\Documents\WdBPoCDCK7TURbJ7qgNq3G4t53wTnQidQxUDTozqKD0=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-08-07 12:51 - 00053344 _____ C:\Users\СЕКР\Downloads\exmO4gY5A+NlQ-pkGB5GiuKUm5dTeVpDgmz6LED-SlQ=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-07-14 12:38 - 00898704 _____ C:\Users\СЕКР\Downloads\wrTs2omVxXITRIAjDkmXd2Ash+7VPWF9No++rfJdsxgfSqtbf-1EfwIh6kwofQ3Z.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-07-09 14:06 - 00053328 _____ C:\Users\СЕКР\Downloads\094r78HnGGiNEqpCU4S3KuWvmJ7ZjXf1dZ3GBgH1KDA=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-07-09 13:52 - 00051664 _____ C:\Users\СЕКР\Downloads\wzVpeiGUU665L8FNEc2BQIjNKttoVf7AIfp9kt1axrs=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-07-02 13:55 - 00488320 _____ C:\Users\СЕКР\Downloads\mddSOHB26yUDeiUZ3nUgW6hGrBmmajPmhA9a7+kxGDc=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-06-29 17:05 - 00032128 _____ C:\Users\СЕКР\Downloads\n+A1UldFd1K3Ccz0SCEAIY1-LFnimaQfbbhWqVCvQKfZvyWfoJlmDrTxxqzRFgaR.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-06-29 17:02 - 00033152 _____ C:\Users\СЕКР\Downloads\axSNRNUVSQHVQCSw8LRYfrXjeG+Ryx-+NwnvU50yFkrUzOSjVnS2uU9xpJZi4Q3V.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-06-29 16:29 - 00049536 _____ C:\Users\СЕКР\Downloads\HASAIMviisIjPlyKtjbwdw==.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-06-23 08:14 - 00011648 _____ C:\Users\СЕКР\Downloads\Fe8riE4ijuKMhvdFHBTz7Q==.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-06-19 10:51 - 00012672 _____ C:\Users\СЕКР\Downloads\xbsdbISFAO5lafk5cX4svA==.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-06-15 08:59 - 00122240 _____ C:\Users\СЕКР\Downloads\L3wULRe6wV7P7Nj7OkulzVpRExeF8S0tSjKpwM4yaFIUZz4K2Kpq5zPFQmrg2PhT.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-06-15 08:57 - 00122240 _____ C:\Users\СЕКР\Downloads\vgb0Anea29BjnrX+O1RkkfCbPc8fD1v94dpfY27IEws=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-06-08 14:13 - 00022912 _____ C:\Users\СЕКР\Downloads\3iEY6-18tw1Gk2iy4ZrkUfX3RFLzLWxJgGWqY2GvmoluvrNGkX1SV3bQJQghBXoXoqTJ+0YFdEaTk-zzusTrNQ==.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-06-08 10:08 - 00137296 _____ C:\Users\СЕКР\Downloads\rKmW-3Q6c0KWfAaSoZMhPLSka7WG6DDjeYuWosVtkKkdeX6S9muRasKAQ-39K6Wr.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-06-02 14:02 - 00130944 _____ C:\Users\СЕКР\Downloads\+CukYLrC1Y6+9LIefUWwpKb-sB0yb-JpsNe+lX-+rNc=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-06-02 12:10 - 00036736 _____ C:\Users\СЕКР\Downloads\1v5or764VsDvvLjaxRh8NVn07BXOEPEwGTmB7WPqc6OwU126melgIUgzbmwSp5fC.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-06-01 12:43 - 00035712 _____ C:\Users\СЕКР\Downloads\cxFWeRBQUJjKT-gMbtIQ-vpkizq6R7G37kmIv6ch6dR1xpAzU3kR+Ih5OuSNFGo1UOjWdvQW6SvuoQKKMuqFp2M-GYwdW1-E8Rykwtng9rI=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-06-01 12:05 - 00021824 _____ C:\Users\СЕКР\Downloads\uay2quevPQvzDvGm5NfhEfgOuna+UTLKM6TsL5jnE1W2KOcCXooxfB3LkieFlW8kqdIV0EAk2Y4HfJpsJ30cLPRbbbVmY8J8KVgYtVbtPzg=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-06-01 11:09 - 02459008 _____ C:\Users\СЕКР\Downloads\RWiRLrsUNUW00ZEHvReCdrS3-WRfnHmrne5zdUjQ-Y3-1ij7ur02gs9CCvrjPSdlAvtzKgQwIgSGB20usHy7nw==.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-05-29 08:29 - 00009984 _____ C:\Users\СЕКР\Downloads\CMXYPsqasWCaPujeibjnizzt8+ZGNLDlKDwLzkkdyLU=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-05-28 08:24 - 00011936 _____ C:\Users\СЕКР\Downloads\bvvVcFbnj0uFAAlgPBmdPR0-ufVlFEvQ0N3833Ey9C8=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-05-27 11:10 - 00053808 _____ C:\Users\СЕКР\Downloads\jC5-FyDUsxTbdMEQuCDFA7J1yKNRgfkFnwJ2NwvYNFY=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-05-27 08:30 - 00005744 _____ C:\Users\СЕКР\Downloads\D+dpDpnAhwmqF-7lufLWY2qPkEJTIfB2xTb9qHHJvBM=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-05-26 09:53 - 00004000 _____ C:\Users\СЕКР\Downloads\4NCgnUkiGL7emf6Sib3feGWDC5qIZK+lJAxWR5UhSyw=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-05-25 14:27 - 00053952 _____ C:\Users\СЕКР\Downloads\j3RZ6U4snQigA+2o+h14raSVCvjbXoK8-Unh9CowX+A=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-04-01 14:32 - 00021376 _____ C:\Users\СЕКР\Downloads\YWSWkZ2YrsSQvLPE+rgvzZexjexOgLt31yLZZr8RCh4ks4JMjvwNLbhAK64gRedG.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-03-27 12:12 - 00029568 _____ C:\Users\СЕКР\Downloads\12SCdYbcVuahy+-Ve9MPupTXWpvKXwTYvZm5c1sUP69Am2uut5BSBOVxMDLocqgvaLpTcJHKReQp6OFC9ZOfT2bdh-EnZyCD+FpEzbGBXViUzepwgg823z9Vi-i3jhBVAX7r-icPkHYJFf6hM+KGUg==.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-03-27 12:11 - 00030080 _____ C:\Users\СЕКР\Downloads\x-AdvsNmbWZMG6mk+ylkrr56Tp9jpob5LFv-AwLkSrDcgrqYEOFLOtXAQaHIYIjaQBC+9KZNEieUJLsizXQkSHjSxaZPzI1mFcj+QPuotpmc5IbzG09NfyKgB41gOWHT.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-03-26 17:13 - 00202688 _____ C:\Users\СЕКР\Downloads\9lQ9aR8iiASSp6+j5UbkF3oBpHpLq2ylJ2TZQG6qM-8=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-03-26 10:06 - 00042368 _____ C:\Users\СЕКР\Documents\QDtSo0qhhGpNjDQ5VYfPpJGQeg1FQepDC0GA0ziV8vmZxgQ-HPopawjPWenLxk-yahH3gui9mBVDhw8Ldyp1lng7Br-jxUOHYCmgzZnBbo4=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-03-26 10:02 - 10100784 _____ C:\Users\СЕКР\Documents\2qQlG0qWXcgOsjNa4tLluqxvsTuhfhVsMTY3MI0t4PM=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-03-26 10:02 - 06169952 _____ C:\Users\СЕКР\Documents\NtQS2OhS5iY9Yp27krbRU4N0T6Kvvmc0mB7NlfNU5wE=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-03-26 09:57 - 00000000 ____D C:\Users\СЕКР\Downloads\Сбис сертификат 2016-04-12 10:05 - 2015-03-12 10:23 - 00000000 ____D C:\Users\СЕКР\Downloads\Банк 2016-04-12 10:05 - 2015-03-11 11:25 - 00000560 ____H C:\Users\СЕКР\Downloads\xLQpom19eNIVHc2VPJY8ODgy0CQcsOdu23DdYeSHAOZCWqm151wzMjYv20tF0MuSLl2FCCP8Jdra6oKFGjRuqJv2SvDPV2jckobaOgChyNvbFv14Cc7GiORXjKHtA5p0E4dFmSoC3GyCwgKb2kcnIuq7-w6qpwNuQg0MYP3exQM=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2015-01-12 16:42 - 00000000 ____D C:\Users\СЕКР\Акты 2016-04-12 10:05 - 2014-09-25 15:45 - 00038784 _____ C:\Users\СЕКР\Documents\o9uww8wgUYHU5d+wqI4erw==.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2014-02-19 12:36 - 00026496 _____ C:\Users\СЕКР\Documents\1-h4Irmiap85cFPpVklixdwaEibjL-chvDPUGrHNaP+c9gtooMM0YvjIp+54Q3BJ.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2014-02-10 16:24 - 00000000 ____D C:\Users\СЕКР\Downloads\счета 2016-04-12 10:05 - 2014-01-16 12:30 - 00000000 ____D C:\Users\СЕКР\Downloads\СНА 2016-04-12 10:05 - 2013-12-23 14:24 - 00000000 ____D C:\Users\СЕКР\Documents\Письма 2016-04-12 10:05 - 2013-11-28 11:31 - 00025984 _____ C:\Users\СЕКР\Documents\r2MQ+HOlBP0InFlmcRfTBD73Rix0TrmezksVzOSWu8vVoZBMs2SoCUdeFYk2YQ3jUHaXXb5ji2Jr+g3wHy4exg==.D068EEF4380DA39AF394.better_call_saul 2016-04-12 10:05 - 2013-10-10 09:08 - 00000000 ____D C:\Users\СЕКР\ОТЧЁТЫ 2016-04-12 10:05 - 2013-09-19 17:00 - 00000000 ____D C:\Users\СЕКР\AppData\Roaming\TeamViewer 2016-04-12 10:04 - 2015-01-12 16:45 - 00000000 ____D C:\Users\СЕКР\Штатное расписание 2016-04-12 10:04 - 2015-01-12 16:43 - 00000000 ____D C:\Users\СЕКР\Приказы 2016-04-12 10:04 - 2015-01-12 16:42 - 00000000 ____D C:\Users\СЕКР\Справки 2016-04-12 10:04 - 2014-03-25 11:39 - 00000000 ____D C:\Users\СЕКР\ИФНС 2016-04-12 10:04 - 2014-03-13 14:12 - 00000000 ____D C:\Users\СЕКР\доверенности 2016-04-12 10:04 - 2014-02-03 11:26 - 00000000 ____D C:\Users\СЕКР\Письма 2016-04-12 10:04 - 2013-12-02 17:17 - 00000000 ____D C:\Users\СЕКР\Уч.документы 2016-04-12 10:04 - 2013-11-13 16:05 - 00000000 ____D C:\Users\СЕКР\МОЭК 2016-04-12 10:03 - 2014-06-26 15:37 - 00000000 ____D C:\МОЁ 2016-04-08 11:07 - 2013-11-05 11:26 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2016-04-08 11:07 - 2013-11-05 11:26 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2016-04-04 14:52 - 2015-11-16 17:32 - 00000000 ____D C:\Program Files\McAfee Security Scan 2016-04-04 14:52 - 2014-12-15 15:50 - 00002005 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2016-03-28 10:12 - 2013-09-19 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird 2.0 2016-03-24 09:01 - 2009-07-14 08:52 - 00000000 ____D C:\Windows\system32\FxsTmp 2016-03-17 08:36 - 2009-07-14 08:53 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2013-10-02 06:54 - 2013-10-02 06:54 - 0000093 _____ () C:\Users\СЕКР\AppData\Roaming\Atikokan 2016-04-12 10:32 - 2016-04-12 10:32 - 3133494 _____ () C:\Users\СЕКР\AppData\Roaming\D2C155A6D2C155A6.bmp 2014-05-08 09:44 - 2014-05-08 09:44 - 0003114 _____ () C:\Users\СЕКР\AppData\Roaming\ETHK-B5-V 2014-05-08 08:05 - 2014-05-08 08:05 - 0000046 _____ () C:\Users\СЕКР\AppData\Roaming\g1_960 x 640 px 144 ppi.IMZ 2013-11-13 16:17 - 2016-04-12 10:15 - 0033520 _____ () C:\Users\СЕКР\AppData\Roaming\ITD9wzp4lVuONi921rAalIg4HrnN+WOE7LKQkPr1nTI=.D068EEF4380DA39AF394.better_call_saul 2016-04-12 01:14 - 2016-04-12 01:14 - 0002390 _____ () C:\Users\СЕКР\AppData\Roaming\OsseletStopoffSecrecy 2016-04-09 11:01 - 2016-04-09 11:01 - 0025600 _____ () C:\Users\СЕКР\AppData\Roaming\snoots.dll 2014-10-07 08:39 - 2014-10-07 08:39 - 0011264 _____ () C:\Users\СЕКР\AppData\Roaming\System.dll 2016-04-12 01:14 - 2016-04-12 01:14 - 0050253 _____ () C:\Users\СЕКР\AppData\Roaming\system_information.png 2013-09-19 08:45 - 2016-04-12 10:31 - 0139600 _____ () C:\Users\СЕКР\AppData\Local\38pSP0so+X-DBCEaGlj6bugiw283sdilpxGuWrdFmM7ikQkS4lOzd2+XqWhR0EWH.D068EEF4380DA39AF394.better_call_saul 2014-10-23 13:34 - 2014-12-03 16:52 - 0004096 ____H () C:\Users\СЕКР\AppData\Local\keyfile3.drm 2014-04-17 14:45 - 2016-04-12 10:31 - 21173408 ____H () C:\Users\СЕКР\AppData\Local\LmuCgrgr8qu+Tti+vpiJ+8efju9fND0PmvBvTp2ZedM=.D068EEF4380DA39AF394.better_call_saul Some files in TEMP: ==================== C:\Users\СЕКР\AppData\Local\Temp\3A35BC81.exe C:\Users\СЕКР\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\СЕКР\AppData\Local\Temp\SbisNotificatorUpdate.exe C:\Users\СЕКР\AppData\Local\Temp\uninst2.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ „ЁбЇҐвзҐа § Јаг§ЄЁ Windows -------------------- Ё¤Ґ­вЁдЁЄ в®а {bootmgr} device partition=\Device\HarddiskVolume1 description Windows Boot Manager locale ru-RU inherit {globalsettings} default {current} resumeobject {af800822-f372-11e2-8b9d-a826c05ad930} displayorder {current} toolsdisplayorder {memdiag} timeout 30 ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {current} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale ru-RU inherit {bootloadersettings} recoverysequence {af800824-f372-11e2-8b9d-a826c05ad930} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {af800822-f372-11e2-8b9d-a826c05ad930} nx OptIn ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {af800824-f372-11e2-8b9d-a826c05ad930} device ramdisk=[C:]\Recovery\af800824-f372-11e2-8b9d-a826c05ad930\Winre.wim,{af800825-f372-11e2-8b9d-a826c05ad930} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\af800824-f372-11e2-8b9d-a826c05ad930\Winre.wim,{af800825-f372-11e2-8b9d-a826c05ad930} systemroot \windows nx OptIn winpe Yes ‚л室 Ё§ ०Ё¬  ЈЁЎҐа­ жЁЁ -------------------------- Ё¤Ґ­вЁдЁЄ в®а {af800822-f372-11e2-8b9d-a826c05ad930} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale ru-RU inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys pae Yes debugoptionenabled No Џа®ўҐаЄ  Ї ¬пвЁ Windows --------------------- Ё¤Ґ­вЁдЁЄ в®а {memdiag} device partition=\Device\HarddiskVolume1 path \boot\memtest.exe description „Ё Ј­®бвЁЄ  Ї ¬пвЁ locale ru-RU inherit {globalsettings} badmemoryaccess Yes Џ а ¬Ґвал EMS ------------- Ё¤Ґ­вЁдЁЄ в®а {emssettings} bootems Yes Џ а ¬Ґвал ®в« ¤зЁЄ  ------------------- Ё¤Ґ­вЁдЁЄ в®а {dbgsettings} debugtype Serial debugport 1 baudrate 115200 „ҐдҐЄвл Ћ‡“ ----------- Ё¤Ґ­вЁдЁЄ в®а {badmemory} ѓ«®Ў «м­лҐ Ї а ¬Ґвал -------------------- Ё¤Ґ­вЁдЁЄ в®а {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Џ а ¬Ґвал § Јаг§зЁЄ  -------------------- Ё¤Ґ­вЁдЁЄ в®а {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Џ а ¬Ґвал ЈЁЇҐаўЁ§®а  ------------------- Ё¤Ґ­вЁдЁЄ в®а {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Џ а ¬Ґвал § Јаг§зЁЄ  ў®ббв ­®ў«Ґ­Ёп ----------------------------------- Ё¤Ґ­вЁдЁЄ в®а {resumeloadersettings} inherit {globalsettings} Џ а ¬Ґвал гбва®©бвў ------------------- Ё¤Ґ­вЁдЁЄ в®а {af800825-f372-11e2-8b9d-a826c05ad930} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\af800824-f372-11e2-8b9d-a826c05ad930\boot.sdi LastRegBack: 2016-04-08 14:23 ==================== End of FRST.txt ============================