Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-04-2016 Ran by МИХАИЛ 1 (administrator) on MICROSOFT-PC (14-04-2016 21:17:05) Running from D:\против вирусов Loaded Profiles: МИХАИЛ 1 (Available Profiles: МИХАИЛ 1) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Русский (Россия) Internet Explorer Version 9 (Default browser: "C:\Users\МИХАИЛ 1\AppData\Local\Amigo\Application\amigo.exe" -- "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Autodesk) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe () C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe () C:\Windows\System32\srvany.exe () C:\Windows\kmsem\KMService.exe () C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe (Mail.Ru) C:\Program Files\Mail.Ru\Update Service\mrupdsrv.exe () C:\Windows\System32\PnkBstrA.exe (Mail.Ru) C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe () C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Vimicro) C:\Program Files\USB Camera\VM331_STI.EXE (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files\ExpressDownloader\TorrentExpress.exe (WestByte) C:\Program Files\Download Master\dmaster.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (LLC Mail.Ru) C:\Users\МИХАИЛ 1\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe (Mail.Ru) C:\Users\МИХАИЛ 1\AppData\Local\Mail.Ru\MailRuUpdater.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (LLC Mail.Ru) C:\Users\МИХАИЛ 1\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe (Mail.Ru) C:\Users\МИХАИЛ 1\AppData\Local\Amigo\Application\amigo.exe () C:\Users\МИХАИЛ 1\AppData\Local\Amigo\Application\44.4.2403.3\amigo_cr.exe (Mail.Ru) C:\Users\МИХАИЛ 1\AppData\Local\Amigo\Application\amigo.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Mail.Ru) C:\Users\МИХАИЛ 1\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) C:\Users\МИХАИЛ 1\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) C:\Users\МИХАИЛ 1\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) C:\Users\МИХАИЛ 1\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) C:\Users\МИХАИЛ 1\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) C:\Users\МИХАИЛ 1\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) C:\Users\МИХАИЛ 1\AppData\Local\Amigo\Application\amigo.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_21_0_0_182.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_21_0_0_182.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ClassicShell] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [91648 2011-03-27] (IvoSoft) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2219184 2011-01-14] (ESET) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-17] (Advanced Micro Devices, Inc.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2011-03-02] () HKLM\...\Run: [331BigDog] => C:\Program Files\USB Camera\VM331_STI.EXE [536576 2011-03-02] (Vimicro) HKLM\...\Run: [2Gis Update Notifier] => "C:\Program Files\2gis\3.0\2GISTrayNotifier.exe" -delayed_start HKLM\...\Run: [DXDllRegExe] => C:\WINDOWS\system32\dxdllreg.exe HKLM\...\Run: [Guard.Mail.ru.gui] => C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe [4721368 2015-11-21] () HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe" HKLM\...\Run: [gmsd_ru_005010171] => [X] HKLM\...\Run: [rec_en_77] => [X] HKLM\...\Run: [ZaxarGameBrowser] => "C:\Program Files\Zaxar\ZaxarGameBrowser.exe" -s HKLM\...\Run: [ZaxarLoader] => "C:\Program Files\Zaxar\ZaxarLoader.exe" /verysilent HKLM\...\Run: [Timestasks] => C:\ProgramData\TimeTasks\timetasks.exe" HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [17361032 2011-07-29] (Skype Technologies S.A.) HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd) HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\...\Run: [Praetorian] => C:\Users\МИХАИЛ 1\AppData\Local\Yandex\Updater\praetorian.exe [1582976 2012-06-04] (Yandex LLC) HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\...\Run: [TorrentExpress] => C:\Program Files\ExpressDownloader\TorrentExpress.exe [630784 2013-05-30] () HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\...\Run: [browserset] => "C:\Users\МИХАИЛ 1\AppData\Roaming\BrowserSetup\browsersetup.exe" HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\...\Run: [Download Master] => C:\Program Files\Download Master\dmaster.exe [5889800 2015-04-21] (WestByte) HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation) HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\...\Run: [GameCenterMailRu] => C:\Users\МИХАИЛ 1\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe [5330816 2016-04-07] (LLC Mail.Ru) HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\...\Run: [eTranslator Update] => "C:\Users\МИХАИЛ 1\AppData\Roaming\eTranslator\eTranslator.exe" -checkforupdates HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\...\Run: [storegid] => C:\Users\МИХАИЛ 1\AppData\Local\storegid\storegid.exe HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\...\Run: [storegidUpdater] => C:\Users\МИХАИЛ 1\AppData\Local\storegid\storegidup.exe HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\...\Run: [SearchIndexer] => "C:\Users\МИХАИЛ 1\AppData\Roaming\SearchIndexer\desktopsearchservice.exe" HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\...\Run: [MailRuUpdater] => C:\Users\МИХАИЛ 1\AppData\Local\Mail.Ru\MailRuUpdater.exe [5873880 2016-04-11] (Mail.Ru) HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-12-09] (Piriform Ltd) HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\...\Run: [Client Server Runtime Subsystem] => "C:\ProgramData\Windows\csrss.exe" HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\...\MountPoints2: {3418cd00-1aa3-11e2-ae23-b870f4300684} - H:\LGAutoRun.exe ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2011-03-27] (IvoSoft) ShellIconOverlayIdentifiers: [Обработчик значков цифровых подписей AutoCAD] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2006-03-05] (Autodesk) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\kbrowser-updater-utility.lnk [2014-08-18] ShortcutTarget: kbrowser-updater-utility.lnk -> C:\ProgramData\Kbrowser utility\kbrowser-updater-utility.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kinoroom Browser.lnk [2014-08-18] ShortcutTarget: Kinoroom Browser.lnk -> C:\Program Files\Kinoroom Browser\kinoroom-browser.exe (No File) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-15] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Быстрый запуск AutoCAD.lnk [2011-11-25] ShortcutTarget: Быстрый запуск AutoCAD.lnk -> C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc) Startup: C:\Users\МИХАИЛ 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\extsetup.lnk [2015-12-07] ShortcutTarget: extsetup.lnk -> C:\Users\МИХАИЛ 1\AppData\Local\Microsoft\Extensions\extsetup.exe (No File) Startup: C:\Users\МИХАИЛ 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Вырезка экрана и программа запуска для OneNote 2010.lnk [2013-09-03] ShortcutTarget: Вырезка экрана и программа запуска для OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION CHR HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{7A7EBE4C-6A75-4293-A34A-19B3F0B95901}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{B0115137-BEB8-4FF1-A591-B2DD6423A6B1}: [DhcpNameServer] 192.168.1.1 ManualProxies: 0hxxp://unblock.ga/files/unblock.pac Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130948636742305387&GUID=00000000-0000-0000-0000-000000000000 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.yandex.ru HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://fuxio.net/ HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = www.yandex.ru HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\Software\Microsoft\Internet Explorer\Main,Search Page = www.yandex.ru HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.mail.ru/?ieverfix=1&fr=ieverfix_sg HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://fuxio.net/ URLSearchHook: HKU\S-1-5-21-3032902621-1377843980-1404468434-1000 - Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll No File SearchScopes: HKLM -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={SearchTerms}&fr=ntg SearchScopes: HKU\.DEFAULT -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={SearchTerms}&fr=ntg SearchScopes: HKU\S-1-5-21-3032902621-1377843980-1404468434-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BD4D0D611-0D87-4C90-B2BD-0C1B83F5930C%7D&gp=789119 SearchScopes: HKU\S-1-5-21-3032902621-1377843980-1404468434-1000 -> {4583166F-AF84-412F-8D2A-60B2BCAAFAF1} URL = hxxp://nova.rambler.ru/search?query={searchTerms}&utm_source=r44&utm_medium=distribution&utm_content=e09&utm_campaign=3w30 SearchScopes: HKU\S-1-5-21-3032902621-1377843980-1404468434-1000 -> {766884CC-71CC-45d1-8485-C9A58869C068} URL = hxxp://www.ask.com/web?&o=13795&l=dis&q={searchTerms} SearchScopes: HKU\S-1-5-21-3032902621-1377843980-1404468434-1000 -> {77ADC42B-B55F-443B-A930-B4DF37EB2C84} URL = hxxp://yandex.ru/yandsearch?text={searchTerms}&lr=213 SearchScopes: HKU\S-1-5-21-3032902621-1377843980-1404468434-1000 -> {7C48FA5A-0A98-4590-A75C-0C82317A77DF} URL = hxxp://www.google.ru/#sclient=psy&hl=ru&newwindow=1&q={searchTerms}&aq=f&aqi=g5&aql=&oq=&pbx=1&fp=c9e2c6a96dee470b SearchScopes: HKU\S-1-5-21-3032902621-1377843980-1404468434-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BD4D0D611-0D87-4C90-B2BD-0C1B83F5930C%7D&gp=789119 BHO: SBCONVERT Class -> {3017FB3E-9A77-4396-88C5-0EC9548FB42F} -> C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll [2014-01-08] () BHO: SearchPredictObj Class -> {389943B0-C3A2-4E69-82CB-8596A84CB3DC} -> C:\Program Files\SearchPredict\SearchPredict.dll [2010-12-22] (Speedbit Ltd.) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2011-03-27] (IvoSoft) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation) BHO: MailRuBHO Class -> {8984B388-A5BB-4DF7-B274-77B879E179DB} -> C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll => No File BHO: Поиск@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\МИХАИЛ 1\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2015-09-07] (Mail.Ru) BHO: IE 4.x-6.x BHO for Download Master -> {9961627E-4059-41B4-8E0E-A7D6B3854ADF} -> C:\Program Files\Download Master\dmiehlp.dll [2015-04-02] (WestByte) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO: Визуальные закладки -> {C93F72A2-2162-4BBA-A07A-F13663C297A6} -> C:\Program Files\Yandex\YandexBarIE\fastdial.dll => No File BHO: GrabberObj Class -> {FF7C3CF0-4B15-11D1-ABED-709549C10000} -> C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll [2014-01-08] (Speedbit Ltd.) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2011-03-27] (IvoSoft) Toolbar: HKLM - Яндекс.Бар - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll No File Toolbar: HKLM - Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll No File Toolbar: HKLM - SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll [2014-01-08] () Toolbar: HKU\.DEFAULT -> Яндекс.Бар - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll No File Toolbar: HKU\S-1-5-21-3032902621-1377843980-1404468434-1000 -> Яндекс.Бар - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll No File Toolbar: HKU\S-1-5-21-3032902621-1377843980-1404468434-1000 -> SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll [2014-01-08] () DPF: {093500E9-F79F-4C52-A9B5-D8C7E4B3023E} file:///C:/Users/16CDA~1/AppData/Local/Temp/o3dEE5C.tmp.cab DPF: {810B649C-CEAE-4AC9-BF26-81341B49E913} file:///C:/Users/16CDA~1/AppData/Local/Temp/o3dB489.tmp.cab DPF: {FC77AB1C-824C-416F-95BC-418029595B48} file:///C:/Users/16CDA~1/AppData/Local/Temp/o3dF1DA.tmp.cab StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&ts=1449761861&z=42968316f40fa3ce6aa61b5gaz4z6t0m5q0g7b3wcm&from=cmi&uid=WDCXWD6400BPVT-24HXZT1_WD-WX41A514387743877 FireFox: ======== FF ProfilePath: C:\Users\МИХАИЛ 1\AppData\Roaming\Mozilla\Firefox\Profiles\bh04g6lr.default-1452178200397 FF SelectedSearchEngine: @Mail.Ru FF Keyword.URL: hxxp://go.mail.ru/search?fr=ntg&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-19] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @outline3d.com/MozillaWrapper -> C:\Program Files\Common Files\ParallelGraphics\Outline3d\npOutline3dWrapper.dll [2014-05-31] ( ) FF Plugin: @parallelgraphics.com/Cortona -> C:\Program Files\Common Files\ParallelGraphics\Cortona\npcortona.dll [2011-11-28] (ParallelGraphics) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3032902621-1377843980-1404468434-1000: @mail.ru/GameCenter -> C:\Users\МИХАИЛ 1\AppData\Local\Mail.Ru\GameCenter\NPDetector.dll [2016-01-21] (LLC Mail.Ru) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll [2007-04-30] (Adobe Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOutline3dWrapper.dll [2014-05-31] ( ) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.) FF Extension: Визуальные закладки @Mail.Ru - C:\Users\МИХАИЛ 1\AppData\Roaming\Mozilla\Firefox\Profiles\bh04g6lr.default-1452178200397\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2016-01-23] FF Extension: Adblock Plus - C:\Users\МИХАИЛ 1\AppData\Roaming\Mozilla\Firefox\Profiles\bh04g6lr.default-1452178200397\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24] FF HKLM\...\Firefox\Extensions: [searchpredict@speedbit.com] - C:\Program Files\SearchPredict\PRFireFox FF Extension: SearchPredict - C:\Program Files\SearchPredict\PRFireFox [2014-01-08] [not signed] FF HKLM\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - C:\Program Files\SpeedBit Video Downloader\SPFireFox FF Extension: SpeedBit Video Downloader - C:\Program Files\SpeedBit Video Downloader\SPFireFox [2014-01-08] [not signed] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-11-24] [not signed] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2013-03-02] (Autodesk) [File not signed] S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-14] (Корпорация Майкрософт) S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2011-01-14] (ESET) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2011-01-14] (ESET) R2 Guard.Mail.ru; C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe [4721368 2015-11-21] () R2 KMService; C:\Windows\system32\srvany.exe [8192 2011-11-24] () [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [235696 2015-12-02] (McAfee, Inc.) R2 mi-raysat_3dsMax2009_32; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [65536 2008-03-10] () [File not signed] R2 mrupdsrv; C:\Program Files\Mail.Ru\Update Service\mrupdsrv.exe [2555096 2016-03-28] (Mail.Ru) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2013-02-02] () R2 Updater.Mail.Ru; C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe [5873880 2016-04-11] (Mail.Ru) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт) S3 2GISUpdateService; "C:\Program Files\2gis\3.0\2GISUpdateService.exe" [X] S2 rizyqibe; C:\Program Files\BD982A04-1449761186-E011-836D-B870F4300684\jnscCCB.tmp [X] S2 woqenuwo; C:\Program Files\BD982A04-1449761186-E011-836D-B870F4300684\knshF2FE.tmpfs [X] S2 zizusyju; C:\Program Files\BD982A04-1449761186-E011-836D-B870F4300684\hnsm26A3.tmp [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation) R3 b70bus; C:\Windows\System32\DRIVERS\b70bus.sys [423424 2009-10-16] (Chingachguk & Denger2k (GRD mod)) [File not signed] R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-07-25] (DT Soft Ltd) R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137144 2010-12-21] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [95384 2010-12-21] (ESET) R3 GrdKey; C:\Windows\System32\DRIVERS\grdkey.sys [1189888 2007-11-08] (Aktiv Co.) R3 GrdUsb; C:\Windows\System32\DRIVERS\grdusb.sys [1112832 2007-11-08] (Aktiv Co.) R3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd32.sys [10543104 2011-03-02] (Intel Corporation) R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2011-03-02] (Intel Corporation) R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78208 2010-11-21] (Корпорация Майкрософт) R1 storegidfilter; C:\Windows\storegidfilter.sys [41632 2014-06-25] (NetFilterSDK.com) S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-19] (LG Electronics Inc.) S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-19] (LG Electronics Inc.) S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-19] (LG Electronics Inc.) R3 utezmjy3; C:\Windows\system32\Drivers\utezmjy3.sys [7168 2016-04-14] () [File not signed] R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [196352 2011-03-02] (Vimicro Corporation) R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [5888 2011-03-02] (Vimicro Corporation) R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] (Корпорация Майкрософт) S1 swsedrvr_vt_1_10_0_25; system32\drivers\swsedrvr_vt_1_10_0_25.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 XDva403; \??\C:\Windows\system32\XDva403.sys [X] S3 XDva404; \??\C:\Windows\system32\XDva404.sys [X] S3 XDva405; \??\C:\Windows\system32\XDva405.sys [X] S3 XDva407; \??\C:\Windows\system32\XDva407.sys [X] S3 XDva408; \??\C:\Windows\system32\XDva408.sys [X] S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X] S3 XDva410; \??\C:\Windows\system32\XDva410.sys [X] S3 XDva411; \??\C:\Windows\system32\XDva411.sys [X] S3 XDva412; \??\C:\Windows\system32\XDva412.sys [X] S3 XDva413; \??\C:\Windows\system32\XDva413.sys [X] S3 XDva534; \??\C:\Windows\system32\XDva534.sys [X] ========================== Drivers MD5 ======================= C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AcpiVpc.sys 0FF1F2F287E65A66A3B72484B9895785 C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit C:\Windows\system32\drivers\afd.sys 9EBBBA55060F786F0FCAA3893BFA2806 C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\atikmdag.sys C17C5B13914D51D0F905A6871F288D72 C:\Windows\System32\DRIVERS\atikmpag.sys 7EFEF792454FF2F1FFB1E5B444CFB73C C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2 C:\Windows\system32\drivers\appid.sys ==> MD5 is legit C:\Windows\system32\drivers\arc.sys ==> MD5 is legit C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit C:\Windows\system32\drivers\bxvbdx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b70bus.sys 8A271849A0B8042A98E8BC47645D9476 C:\Windows\System32\DRIVERS\bcmwl6.sys 8E4D71D8C8BE58E479C73EF7C343AD8B C:\Windows\system32\Drivers\Beep.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit C:\Windows\System32\CLFS.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit C:\Windows\System32\Drivers\cng.sys 247B4CE2DAB1160CD422D532D5241E1F C:\Windows\System32\drivers\CHDRT32.sys D455771386171E858212FC4461AB415C C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit C:\Windows\System32\drivers\csc.sys ==> MD5 is legit C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit C:\Windows\System32\drivers\discache.sys ==> MD5 is legit C:\Windows\System32\drivers\disk.sys ==> MD5 is legit C:\Windows\system32\drivers\dmvsc.sys 2A958EF85DB1B61FFCA65044FA4BCE9E C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\dtsoftbus01.sys 687AF6BB383885FF6A64071B189A7F3E C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\eamonm.sys 04CBA07E73F152970FC34D66D3892E2A C:\Windows\system32\drivers\evbdx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ehdrv.sys FE7824239D132AD9EBD8645FE1199B30 C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\epfwwfpr.sys DDB45F6371714601A43E8BE38145BE18 C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit C:\Windows\system32\Drivers\exfat.sys ==> MD5 is legit C:\Windows\system32\Drivers\fastfat.sys ==> MD5 is legit C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legitB C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit C:\Windows\system32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05 C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\grdkey.sys 4083E2A4E05378F4A2A5A04447568BB1 C:\Windows\System32\DRIVERS\grdusb.sys 85C0ADF20E63BCB45D8438B893E8BE56 C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\System32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972 C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\IntcDAud.sys 5576AD2F0039D2BCCCA3567FC0BF981C C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\igdpmd32.sys FA0E4F04F1F0BC48156175FB32C06675 C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit C:\Windows\System32\Drivers\ksecdd.sys B7895B4182C0D16F6EFADEB8081E8D36 C:\Windows\System32\Drivers\ksecpkg.sys D30159AC9237519FBC62C6EC247D2D46 C:\Windows\System32\DRIVERS\L1C62x86.sys D1388B9E9787618964681ABDA6BAE337 C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HECI.sys D86AC00883B9C98B570E7643AAF8E554 C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25 C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit C:\Windows\system32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\system32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896 C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\system32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit C:\Windows\system32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\system32\Drivers\Ntfs.sys 0D87503986BB3DFED58E343FE39DDE13 C:\Windows\system32\Drivers\Null.sys ==> MD5 is legit C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0 C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4 C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\system32\drivers\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit C:\Windows\System32\drivers\pci.sys ==> MD5 is legit C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\drivers\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit C:\Windows\system32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61 C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit C:\Windows\system32\drivers\serial.sys ==> MD5 is legit C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\system32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46 C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit C:\Windows\storegidfilter.sys 2BBE6BA909EDB6165C0C23EE514C9B60 C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit C:\Windows\System32\drivers\synth3dvsc.sys F2AD8960812FD111E20E84659EF19D43 C:\Windows\System32\drivers\tcpip.sys E23A56F843E2AEBBB209D0ACCA73C640 C:\Windows\System32\DRIVERS\tcpip.sys E23A56F843E2AEBBB209D0ACCA73C640 C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8 C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit C:\Windows\system32\drivers\terminpt.sys 052306FD76793D5D5AB5D9891FD1ADBB C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit C:\Windows\system32\drivers\TsUsbGD.sys 01246F0BAAD7B68EC0F472AA41E33282 C:\Windows\System32\drivers\tsusbhub.sys 045ACB987C650D8186C6B4A692223860 C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit C:\Windows\System32\drivers\usbaudio.sys 1D9F2BD026E8E2D45033A4DF3F16B78C C:\Windows\System32\DRIVERS\lgusbbus.sys 9419FAAC6552A51542DBBA02971C841C C:\Windows\System32\DRIVERS\usbccgp.sys BD9C55D7023C5DE374507ACC7A14E2AC C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\lgusbdiag.sys C0A466FA4FFEC464320E159BC1BBDC0C C:\Windows\System32\DRIVERS\usbehci.sys F92DE757E4B7CE9C07C5E65423F3AE3B C:\Windows\System32\DRIVERS\usbhub.sys 8DC94AEC6A7E644A06135AE7506DC2E9 C:\Windows\System32\DRIVERS\lgusbmodem.sys F74A54774A9B0AFEB3C40ADEC68AA600 C:\Windows\system32\drivers\usbohci.sys E185D44FAC515A18D9DEDDC23C2CDF44 C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A C:\Windows\system32\drivers\usbuhci.sys 68DF884CF41CDADA664BEB01DAF67E3D C:\Windows\System32\Drivers\usbvideo.sys 45F4E7BF43DB40A6C6B4D92C76CBC3F2 C:\Windows\system32\Drivers\utezmjy3.sys 524D8D450622DB4A7875B111C299A76B C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\System32\Drivers\vm331avs.sys EEE8ECE9DFAD269B34CC57316D62E8C6 C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit C:\Windows\System32\Drivers\vmuvcflt.sys 7C221C3D18268CEE7016610D9AD7AD8F C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\drivers\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys A840213F1ACDCC175B4D1D5AAEAC0D7A C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708 C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070 C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Three Months Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-04-14 20:38 - 2016-04-14 20:39 - 03465280 _____ C:\Users\МИХАИЛ 1\Downloads\adwcleaner_5.110.exe 2016-04-14 20:06 - 2016-04-14 20:13 - 00007168 _____ C:\Windows\system32\Drivers\utezmjy3.sys 2016-04-14 19:22 - 2016-04-14 19:25 - 00210274 ____C C:\TDSSKiller.3.1.0.8_14.04.2016_19.22.20_log.txt 2016-04-14 19:07 - 2016-04-14 19:11 - 00002518 ____C C:\RannohDecryptor.1.8.0.2_14.04.2016_19.07.55_log.txt 2016-04-14 18:13 - 2016-04-14 18:13 - 00000000 ____D C:\Users\МИХАИЛ 1\Downloads\avz4 2016-04-14 18:09 - 2016-04-14 21:17 - 00000000 ___DC C:\FRST 2016-04-14 17:38 - 2016-04-14 17:47 - 00002344 ____C C:\RannohDecryptor.1.8.0.2_14.04.2016_17.38.28_log.txt 2016-04-14 17:31 - 2016-04-14 17:35 - 00002530 ____C C:\RannohDecryptor.1.8.0.2_14.04.2016_17.31.20_log.txt 2016-04-14 17:09 - 2016-04-14 17:30 - 00002722 ____C C:\RannohDecryptor.1.8.0.2_14.04.2016_17.09.54_log.txt 2016-04-14 17:05 - 2016-04-14 17:07 - 00002258 ____C C:\RannohDecryptor.1.8.0.2_14.04.2016_17.05.56_log.txt 2016-04-14 16:58 - 2016-04-14 16:58 - 00001878 ____C C:\RannohDecryptor.1.8.0.2_14.04.2016_16.58.01_log.txt 2016-04-14 16:28 - 2016-04-14 16:35 - 00000000 ___DC C:\KVRT_Data 2016-04-14 16:23 - 2016-04-14 16:23 - 00015198 ____C C:\CleanAutoRun.1.2.1.0_14.04.2016_16.23.28_log.txt 2016-04-14 16:22 - 2016-04-14 16:22 - 00015198 ____C C:\CleanAutoRun.1.2.1.0_14.04.2016_16.22.15_log.txt 2016-04-14 15:41 - 2016-04-14 15:43 - 00210260 ____C C:\TDSSKiller.3.1.0.9_14.04.2016_15.41.22_log.txt 2016-04-14 15:39 - 2016-04-14 15:40 - 04633146 _____ C:\Users\МИХАИЛ 1\Downloads\tdsskiller.zip 2016-04-14 15:38 - 2016-04-14 15:38 - 00000364 ____C C:\TDSSKiller.3.1.0.8_14.04.2016_15.38.01_log.txt 2016-04-14 15:27 - 2016-04-14 15:35 - 00212166 ____C C:\TDSSKiller.3.1.0.8_14.04.2016_15.27.43_log.txt 2016-04-14 14:25 - 2016-04-14 14:25 - 00002722 ____C C:\README9.txt 2016-04-14 14:25 - 2016-04-14 14:25 - 00002722 ____C C:\README8.txt 2016-04-14 14:25 - 2016-04-14 14:25 - 00002722 ____C C:\README7.txt 2016-04-14 14:25 - 2016-04-14 14:25 - 00002722 ____C C:\README6.txt 2016-04-14 14:25 - 2016-04-14 14:25 - 00002722 ____C C:\README5.txt 2016-04-14 14:25 - 2016-04-14 14:25 - 00002722 ____C C:\README4.txt 2016-04-14 14:25 - 2016-04-14 14:25 - 00002722 ____C C:\README3.txt 2016-04-14 14:25 - 2016-04-14 14:25 - 00002722 ____C C:\README2.txt 2016-04-14 14:25 - 2016-04-14 14:25 - 00002722 ____C C:\README10.txt 2016-04-14 14:25 - 2016-04-14 14:25 - 00002722 ____C C:\README1.txt 2016-04-14 14:24 - 2016-04-14 15:37 - 00000000 __SHD C:\Users\Все пользователи\Windows 2016-04-14 14:24 - 2016-04-14 15:37 - 00000000 __SHD C:\ProgramData\Windows 2016-04-12 04:10 - 2016-04-13 01:11 - 00000000 ____D C:\Program Files\Mozilla Firefox 2016-04-08 18:14 - 2016-04-08 18:14 - 00058808 _____ C:\Users\МИХАИЛ 1\Downloads\Samuil_Belostotskij__«PickUp_Artist».jpeg 2016-03-23 20:11 - 2016-03-23 20:11 - 00000668 _____ C:\Users\Все пользователи\Desktop\Сетевая игра Call of Duty 2.lnk 2016-03-23 20:11 - 2016-03-23 20:11 - 00000668 _____ C:\Users\Все пользователи\Desktop\Одиночная игра Call of Duty 2.lnk 2016-03-23 20:11 - 2016-03-23 20:11 - 00000668 _____ C:\Users\Public\Desktop\Сетевая игра Call of Duty 2.lnk 2016-03-23 20:11 - 2016-03-23 20:11 - 00000668 _____ C:\Users\Public\Desktop\Одиночная игра Call of Duty 2.lnk 2016-03-23 20:11 - 2016-03-23 20:11 - 00000668 _____ C:\ProgramData\Desktop\Сетевая игра Call of Duty 2.lnk 2016-03-23 20:11 - 2016-03-23 20:11 - 00000668 _____ C:\ProgramData\Desktop\Одиночная игра Call of Duty 2.lnk 2016-03-23 20:11 - 2016-03-23 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty 2 2016-03-03 02:56 - 2016-03-03 02:56 - 00001060 _____ C:\Users\МИХАИЛ 1\Desktop\ObjectRescue Professional.lnk 2016-03-03 02:56 - 2016-03-03 02:56 - 00000000 ____D C:\Users\МИХАИЛ 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ObjectRescue Pro 2016-03-03 02:53 - 2016-03-03 02:57 - 00009728 _____ C:\Windows\system32\BASSMOD.dll 2016-03-03 02:36 - 2016-03-03 02:57 - 00000000 ____D C:\Program Files\ObjectRescue Pro 2016-03-03 01:45 - 2016-03-03 02:01 - 00000000 ____D C:\Program Files\F-Recovery for MemoryStick 2016-03-03 01:45 - 2016-03-03 01:45 - 00000000 ____D C:\Users\МИХАИЛ 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\F-Recovery for MemoryStick 2016-03-03 00:47 - 2016-03-03 01:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Recovery for MemoryStick 2016-03-03 00:30 - 2016-03-03 00:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memory Stick Utility 2016-03-03 00:30 - 2016-03-03 00:30 - 00000000 ____D C:\Program Files\Sony 2016-03-01 04:14 - 2016-03-01 04:16 - 00207324 ____C C:\TDSSKiller.3.1.0.8_01.03.2016_04.14.29_log.txt 2016-02-25 16:55 - 2016-02-25 16:55 - 00000106 _____ C:\Users\МИХАИЛ 1\Desktop\Cross Fire.url 2016-02-09 23:30 - 2016-02-09 23:30 - 00000000 ____D C:\Users\МИХАИЛ 1\Downloads\Муж узнал о беременности жены благодаря фитнес-браслету_Вести FM_files 2016-01-15 23:16 - 2016-01-15 23:17 - 06299600 _____ (LLC Mail.Ru) C:\Users\МИХАИЛ 1\Downloads\CrossfireLoader_fd3279100e7012d76638dad200d19420.exe ==================== Three Months Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-04-14 21:17 - 2013-02-26 12:27 - 00000000 ____D C:\Users\МИХАИЛ 1\AppData\Local\Mail.Ru 2016-04-14 20:21 - 2013-06-18 16:19 - 00000000 ____D C:\Program Files\ExpressDownloader 2016-04-14 20:11 - 2009-07-14 10:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-04-14 20:10 - 2009-07-14 10:34 - 00005872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-04-14 20:10 - 2009-07-14 10:34 - 00005872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-04-14 19:37 - 2015-10-03 15:56 - 00000000 ____D C:\Users\МИХАИЛ 1\Downloads\Видео 2016-04-14 17:31 - 2011-01-24 03:56 - 00677998 _____ C:\Windows\system32\perfh019.dat 2016-04-14 17:31 - 2011-01-24 03:56 - 00129912 _____ C:\Windows\system32\perfc019.dat 2016-04-14 17:31 - 2010-11-21 03:01 - 01516178 _____ C:\Windows\system32\PerfStringBackup.INI 2016-04-14 17:31 - 2009-07-14 08:37 - 00000000 ____D C:\Windows\inf 2016-04-14 15:34 - 2015-12-11 02:26 - 00000000 ___DC C:\TDSSKiller_Quarantine 2016-04-14 15:19 - 2012-04-26 12:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2016-04-14 15:17 - 2014-01-06 13:14 - 00000290 _____ C:\Windows\Tasks\WinZipDriverUpdater_UPDATES.job 2016-04-14 15:17 - 2011-11-24 23:51 - 00000000 ____D C:\Users\МИХАИЛ 1\AppData\Roaming\uTorrent 2016-04-11 08:15 - 2011-11-24 23:54 - 00000000 ____D C:\Users\МИХАИЛ 1\AppData\Roaming\Skype 2016-03-28 23:30 - 2013-01-19 18:13 - 00000000 ____D C:\Program Files\Mail.Ru 2016-03-23 23:54 - 2013-05-03 13:20 - 00000000 ____D C:\Windows\Minidump 2016-03-23 20:12 - 2012-09-02 00:15 - 00000000 ____D C:\Windows\system32\directx 2016-03-23 20:12 - 2011-11-25 01:35 - 00000000 ____D C:\Users\МИХАИЛ 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2016-03-23 19:14 - 2011-11-28 02:12 - 00000000 ____D C:\Users\МИХАИЛ 1\AppData\Local\ElevatedDiagnostics 2016-03-23 17:04 - 2012-07-25 15:17 - 00000000 ____D C:\Users\МИХАИЛ 1\AppData\Roaming\DAEMON Tools Lite 2016-03-23 17:03 - 2013-02-05 22:49 - 00000000 ____D C:\Users\МИХАИЛ 1\Documents\BioWare 2016-03-23 17:02 - 2013-02-02 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics 2016-03-23 17:02 - 2013-01-19 18:23 - 00000000 ____D C:\Users\Все пользователи\Documents\Monolith Productions 2016-03-23 17:02 - 2013-01-19 18:23 - 00000000 ____D C:\Users\Public\Documents\Monolith Productions 2016-03-23 17:02 - 2013-01-19 18:23 - 00000000 ____D C:\ProgramData\Documents\Monolith Productions 2016-03-19 21:23 - 2015-12-11 01:00 - 00000000 ____D C:\Users\МИХАИЛ 1\Downloads\Программы 2016-03-19 16:26 - 2015-12-11 01:02 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2016-03-19 16:26 - 2015-12-11 01:02 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2016-03-19 16:26 - 2012-01-07 18:35 - 00000000 ____D C:\Users\МИХАИЛ 1\AppData\Local\Adobe 2016-03-16 02:23 - 2011-12-26 04:21 - 15990784 _____ C:\Windows\system32\config\systme ==================== Files in the root of some directories ======= 2014-01-12 02:24 - 2014-01-12 02:24 - 0000070 _____ () C:\Users\МИХАИЛ 1\AppData\Roaming\Camdata.ini 2014-01-12 02:24 - 2014-01-12 02:24 - 0000408 _____ () C:\Users\МИХАИЛ 1\AppData\Roaming\CamLayout.ini 2014-01-12 02:24 - 2014-01-12 02:24 - 0000408 _____ () C:\Users\МИХАИЛ 1\AppData\Roaming\CamShapes.ini 2014-01-12 02:24 - 2014-01-12 02:24 - 0004416 _____ () C:\Users\МИХАИЛ 1\AppData\Roaming\CamStudio.cfg 2013-02-02 21:48 - 2013-02-02 21:48 - 0000238 _____ () C:\Users\МИХАИЛ 1\AppData\Roaming\del.bat 2013-02-02 21:47 - 2013-02-02 21:47 - 0139152 _____ () C:\Users\МИХАИЛ 1\AppData\Roaming\PnkBstrK.sys 2014-08-18 13:27 - 2014-08-18 13:27 - 0000000 _____ () C:\Users\МИХАИЛ 1\AppData\Roaming\smw_inst 2011-11-27 02:22 - 2015-09-29 03:17 - 0012800 _____ () C:\Users\МИХАИЛ 1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-12-17 00:43 - 2016-02-18 18:33 - 0007599 _____ () C:\Users\МИХАИЛ 1\AppData\Local\resmon.resmoncfg ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ „ЁбЇҐвзҐа § Јаг§ЄЁ Windows -------------------- Ё¤Ґ­вЁдЁЄ в®а {bootmgr} device partition=C: description Windows Boot Manager locale ru-RU inherit {globalsettings} default {current} resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} displayorder {current} toolsdisplayorder {memdiag} timeout 30 ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {01a24fb0-71e7-11e5-9907-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {0f8fb95f-eaeb-11e5-b08d-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {1717dfc2-9870-11e2-afe2-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {1ccd5bf9-42a2-11e5-9bb6-3859f99e18a8} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {21ef13e3-a8dd-11e1-ae65-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {319f4aa4-47e7-11e4-9b40-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {3a6cf80e-e826-11e3-a1a5-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {3fa87a10-a0b5-11e3-8293-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {4125f407-ffd3-11e3-b353-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {463252d3-21d5-11e2-ad43-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {46a0112a-b8a5-11e3-9b5b-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {50b110f1-5a44-11e5-96ae-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {557fb740-88f9-11e3-82dc-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {562a6834-f11e-11e1-af02-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {56e2ea2b-797b-11e1-b351-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {5cbed61c-d1da-11e5-909e-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {5f4d5f03-7157-11e3-b0f1-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {6408917b-e175-11e2-b140-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {680f3103-bfa0-11e4-96f1-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {70e6dffb-911c-11e1-8b49-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {7115c856-d072-11e3-9b31-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {7391e2f9-29dc-11e3-880e-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {73c15eb5-77bd-11e4-8335-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {7583e8e9-ba12-11e5-b0c4-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {80a5da5e-c083-11e1-b263-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {8134ffea-5ffe-11e4-9eac-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {87b218c5-6150-11e1-9bea-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {89cb2a2d-8f80-11e4-9944-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {8ba8858b-17ea-11e4-965d-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {8ebc8e55-d953-11e1-b1a0-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {971723d0-fa47-11e2-ac0f-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {97409e46-5999-11e3-ade6-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {994890f4-c80a-11e2-ae9d-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {9b3ef6f0-f0b8-11e4-98d3-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {a355816e-092e-11e2-b246-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {a6f5cde8-68b2-11e2-acbf-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {a82a7d36-11e9-11e3-99e1-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {bbaabfd8-300d-11e4-9a7c-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {bf338dc3-89dc-11e5-b038-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {current} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx OptIn ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {c1229583-1719-11e1-a47d-f82c18347e7d} device ramdisk=[C:]\Recovery\c1229583-1719-11e1-a47d-f82c18347e7d\Winre.wim,{c1229584-1719-11e1-a47d-f82c18347e7d} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\c1229583-1719-11e1-a47d-f82c18347e7d\Winre.wim,{c1229584-1719-11e1-a47d-f82c18347e7d} systemroot \windows nx OptIn winpe Yes ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {c18abb96-3973-11e2-aea9-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {c2dfe2e6-0b7d-11e5-95ae-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {c784d465-2f46-11e1-ae45-3859f99e18a8} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {ce15d90e-24b3-11e5-9ff4-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {cf487be7-80ab-11e2-bb53-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {d1129f2e-d7a8-11e4-9a7c-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {d7233e9d-b035-11e2-b212-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {dbb75f5b-a176-11e5-8bf1-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {e38ee910-417c-11e3-87f5-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {ede14d8f-50e7-11e2-b8e9-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {f1f6ada3-a7dd-11e4-9998-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {fc6e6ecb-4830-11e1-bc4d-b870f4300684} device partition=C: path \Windows\system32\winlaod.exe description Reboot LXE locale ru-RU inherit {bootloadersettings} recoverysequence {c1229583-1719-11e1-a47d-f82c18347e7d} recoveryenabled Yes nointegritychecks Yes testsigning Yes osdevice partition=C: systemroot \Windows kernel ntoskrln.exe resumeobject {c1229581-1719-11e1-a47d-f82c18347e7d} nx AlwaysOff pae ForceDisable sos No ‚л室 Ё§ ०Ё¬  ЈЁЎҐа­ жЁЁ -------------------------- Ё¤Ґ­вЁдЁЄ в®а {c1229581-1719-11e1-a47d-f82c18347e7d} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale ru-RU inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys pae Yes debugoptionenabled No Џа®ўҐаЄ  Ї ¬пвЁ Windows --------------------- Ё¤Ґ­вЁдЁЄ в®а {memdiag} device partition=C: path \boot\memtest.exe description Windows Memory Diagnostic locale ru-RU inherit {globalsettings} badmemoryaccess Yes ‡ Јаг§зЁЄ ЇаҐ¦­Ёе ўҐабЁ© Ћ‘ Windows ------------------------ Ё¤Ґ­вЁдЁЄ в®а {ntldr} device partition=C: path \ntldr description Earlier Version of Windows Џ а ¬Ґвал EMS ------------- Ё¤Ґ­вЁдЁЄ в®а {emssettings} bootems Yes Џ а ¬Ґвал ®в« ¤зЁЄ  ------------------- Ё¤Ґ­вЁдЁЄ в®а {dbgsettings} debugtype Serial debugport 1 baudrate 115200 „ҐдҐЄвл Ћ‡“ ----------- Ё¤Ґ­вЁдЁЄ в®а {badmemory} ѓ«®Ў «м­лҐ Ї а ¬Ґвал -------------------- Ё¤Ґ­вЁдЁЄ в®а {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Џ а ¬Ґвал § Јаг§зЁЄ  -------------------- Ё¤Ґ­вЁдЁЄ в®а {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Џ а ¬Ґвал ЈЁЇҐаўЁ§®а  ------------------- Ё¤Ґ­вЁдЁЄ в®а {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Џ а ¬Ґвал § Јаг§зЁЄ  ў®ббв ­®ў«Ґ­Ёп ----------------------------------- Ё¤Ґ­вЁдЁЄ в®а {resumeloadersettings} inherit {globalsettings} Џ а ¬Ґвал гбва®©бвў ------------------- Ё¤Ґ­вЁдЁЄ в®а {c1229584-1719-11e1-a47d-f82c18347e7d} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\c1229583-1719-11e1-a47d-f82c18347e7d\boot.sdi LastRegBack: 2016-03-22 20:47 ==================== End of FRST.txt ============================