Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Администратор (administrator) on DC-BASE (04-09-2017 16:30:13)
Running from C:\Share
Loaded Profiles: Администратор & MSSQL$MICROSOFT##WID (Available Profiles: Администратор & MSSQL$MICROSOFT##WID & .NET v4.5 & .NET v4.5 Classic)
Platform: Windows Server 2012 R2 Standard (X64) Language: Русский (Россия)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(Microsoft Corporation) C:\Windows\WID\Binn\sqlwriter.exe
(Microsoft Corporation) C:\Windows\WID\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\tssdis.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\iashost.exe
(Microsoft Corporation) C:\Windows\System32\ServerManager.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Farbar) C:\Share\FRST64 (1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VMware User Process] => C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [83016 2016-02-16] (VMware, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-07-27] (Adobe Systems Inc.)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
Lsa: [Notification Packages] rassfm scecli
BootExecute: autocheck autochk /q /v * 
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{BC68E179-8F68-4214-9F03-D79330DD03EC}: [NameServer] 192.168.10.248,8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-3857816614-773318418-3252498626-500\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
URLSearchHook: [S-1-5-80-1184457765-4068085190-3456807688-2200952327-3769537534] ATTENTION => Default URLSearchHook is missing
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-12-17] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-12-17] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-12-17] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-12-17] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-12-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-12-17] (Adobe Systems Incorporated)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-08-15]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-08-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-07-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 IAS; C:\Windows\System32\ias.dll [31232 2014-11-21] (Microsoft Corporation)
R2 IAS; C:\Windows\SysWOW64\ias.dll [23040 2014-11-21] (Microsoft Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [16896 2017-02-10] (Microsoft Corporation)
R2 KPSSVC; C:\Windows\system32\kpssvc.dll [173056 2013-08-22] (Microsoft Corporation)
R3 MSSQL$MICROSOFT##WID; C:\Windows\WID\Binn\sqlservr.exe [191064 2017-02-10] (Microsoft Corporation)
R2 RDMS; C:\Windows\System32\RDMS.dll [700928 2016-03-05] (Microsoft Corporation)
R3 RPCHTTPLBS; C:\Windows\System32\RpcProxy\LBService.dll [25600 2017-02-10] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [85504 2013-08-22] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\SysWOW64\RSoPProv.exe [76288 2013-08-22] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [15872 2013-08-22] (Microsoft Corporation)
R2 TermServLicensing; C:\Windows\System32\lserver.dll [750080 2016-02-02] (Microsoft Corporation)
R2 TScPubRPC; C:\Windows\system32\TSCPUBSvr.dll [236032 2017-02-10] (Microsoft Corporation)
R2 TSGateway; C:\Windows\system32\aaedge.dll [703488 2015-12-16] (Microsoft Corporation)
R2 Tssdis; C:\Windows\System32\tssdis.exe [809984 2016-03-05] (Microsoft Corporation)
R2 UALSVC; C:\Windows\System32\ualsvc.dll [249344 2014-11-21] (Microsoft Corporation)
R2 VGAuthService; C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe [160768 2016-02-16] (VMware, Inc.) [File not signed]
R3 WIDWriter; C:\Windows\WID\Binn\sqlwriter.exe [129624 2017-02-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 bfadfcoei; C:\Windows\System32\drivers\bfadfcoei.sys [2265440 2013-08-22] (Brocade Communications Systems, Inc.)
R0 bfadi; C:\Windows\System32\drivers\bfadi.sys [2265440 2013-08-22] (Brocade Communications Systems, Inc.)
R0 bxfcoe; C:\Windows\System32\drivers\bxfcoe.sys [187744 2013-08-22] (Broadcom Corporation)
R0 bxois; C:\Windows\System32\drivers\bxois.sys [560480 2013-08-22] (Broadcom Corporation)
R0 elxfcoe; C:\Windows\System32\drivers\elxfcoe.sys [712032 2013-08-22] (Emulex)
S3 MsLbfoProvider; C:\Windows\system32\DRIVERS\MsLbfoProvider.sys [117760 2016-07-09] (Microsoft Corporation)
R0 ql2300i; C:\Windows\System32\drivers\ql2300i.sys [1508704 2013-08-22] (QLogic Corporation)
R0 ql40xx2i; C:\Windows\System32\drivers\ql40xx2i.sys [475488 2013-08-22] (QLogic Corporation)
R0 qlfcoei; C:\Windows\System32\drivers\qlfcoei.sys [1300320 2013-08-22] (QLogic Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [94048 2013-08-22] (Microsoft Corporation)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [145920 2014-11-21] (Microsoft Corporation)
R2 TSFairShare; C:\Windows\System32\drivers\TSFairShare.sys [74752 2017-02-10] (Microsoft Corporation)
R2 VMMEMCTL; C:\Program Files\Common Files\VMware\Drivers\memctl\vmmemctl.sys [32840 2016-02-16] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-08-20] (VMware, Inc.)
S3 wtlmdrv; C:\Windows\System32\drivers\wtlmdrv.sys [31232 2013-08-22] (Microsoft Corporation)

========================== Drivers MD5 =======================

C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-04 16:29 - 2017-09-04 16:30 - 000000000 ____D C:\FRST
2017-09-04 16:29 - 2017-09-04 16:29 - 000000000 ____D C:\Users\Администратор\WINDOWS
2017-09-04 16:18 - 2017-09-04 16:30 - 000000000 ____D C:\Users\Администратор\AppData\Local\Temp\1
2017-09-04 16:18 - 2017-09-04 16:29 - 000000000 ____D C:\Users\Администратор\AppData\Roaming\Adobe
2017-09-04 16:18 - 2017-09-04 16:18 - 000001434 _____ C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-09-04 16:18 - 2017-09-04 16:18 - 000000088 ___SH C:\Users\Администратор\Uvhd-Binding
2017-09-04 16:18 - 2017-09-04 16:18 - 000000020 ___SH C:\Users\Администратор\ntuser.ini
2017-09-04 16:18 - 2017-09-04 16:18 - 000000000 __SHD C:\Users\Администратор\$RECYCLE.BIN
2017-09-04 16:18 - 2017-09-04 16:18 - 000000000 ___DL C:\Users\Администратор
2017-09-04 16:18 - 2017-09-04 16:18 - 000000000 ____D C:\Users\Администратор.BACKUP-0\AppData\Roaming\Adobe
2017-09-04 16:18 - 2017-09-04 16:18 - 000000000 ____D C:\Users\Администратор.BACKUP-0
2017-09-04 16:18 - 2017-09-04 16:18 - 000000000 ____D C:\Users\UvhdCleanupBin\Администраторe719c0bb-3fef-4976-be7e-a862707250a3
2017-09-04 16:18 - 2017-02-09 13:37 - 000000000 _____ C:\Users\Администратор.BACKUP-0\AppData\Local\Temp\tmp119B.tmp
2017-09-04 16:18 - 2017-02-09 13:36 - 000001434 _____ C:\Users\Администратор.BACKUP-0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-09-04 16:18 - 2017-02-09 13:36 - 000000020 ___SH C:\Users\Администратор.BACKUP-0\ntuser.ini
2017-09-04 16:18 - 2014-11-21 07:26 - 000000369 _____ C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2017-09-04 16:18 - 2014-11-21 07:26 - 000000369 _____ C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2017-09-04 16:18 - 2014-11-21 07:26 - 000000369 _____ C:\Users\Администратор.BACKUP-0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2017-09-04 16:18 - 2014-11-21 07:26 - 000000369 _____ C:\Users\Администратор.BACKUP-0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2017-08-31 09:17 - 2017-09-04 16:26 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-08-15 15:50 - 2017-08-30 11:08 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3392869846-3656442938-3551805517-1165
2017-08-14 11:33 - 2017-08-15 15:50 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3392869846-3656442938-3551805517-1701
2017-06-20 11:11 - 2017-06-20 11:11 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3392869846-3656442938-3551805517-1707
2017-06-20 11:07 - 2017-08-03 12:39 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-06-13 10:34 - 2017-06-13 10:34 - 000000000 ___DL C:\Users\mavraamov
2017-06-08 15:41 - 2017-06-08 15:41 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_UsbDr_01_09_00.Wdf

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-04 16:30 - 2017-02-09 15:15 - 000000000 ____D C:\Share
2017-09-04 16:23 - 2014-11-21 07:20 - 002229582 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-04 16:23 - 2014-11-21 06:42 - 000953302 _____ C:\Windows\system32\perfh019.dat
2017-09-04 16:23 - 2014-11-21 06:42 - 000221250 _____ C:\Windows\system32\perfc019.dat
2017-09-04 16:23 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\Inf
2017-09-04 16:18 - 2017-02-10 10:36 - 000000000 __SHD C:\Users\UvhdCleanupBin
2017-09-04 16:17 - 2013-08-22 18:39 - 000000000 ____D C:\Windows\system32\inetsrv
2017-09-04 16:15 - 2013-08-22 18:39 - 000000000 ____D C:\Windows\Registration
2017-09-04 13:15 - 2017-02-10 09:22 - 000000000 ____D C:\Windows\system32\lserver
2017-09-04 13:15 - 2013-08-22 17:48 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-04 12:49 - 2013-08-22 16:25 - 000008192 ___SH C:\Windows\system32\config\BBI
2017-09-04 12:13 - 2017-02-09 13:37 - 000000112 _____ C:\Windows\system32\config\netlogon.ftl
2017-08-31 10:30 - 2017-02-09 15:11 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3392869846-3656442938-3551805517-1286
2017-08-21 11:27 - 2017-02-15 10:31 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3392869846-3656442938-3551805517-1631
2017-08-15 15:45 - 2017-02-14 16:37 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2017-08-15 15:45 - 2017-02-14 16:37 - 000002190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2017-08-15 15:45 - 2017-02-14 16:37 - 000002029 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk

Files to move or delete:
====================
C:\Users\set.BACKUP-0\TsAllUsr.Dat


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Диспетчер загрузки Windows
--------------------
идентификатор           {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  ru-RU
inherit                 {globalsettings}
bootshutdowndisabled    Yes
default                 {current}
resumeobject            {5da47ac5-ee91-11e6-a772-d85eeb08ad5d}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Загрузка Windows
-------------------
идентификатор           {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows Server 2012 R2
locale                  ru-RU
inherit                 {bootloadersettings}
recoverysequence        {5da47ac7-ee91-11e6-a772-d85eeb08ad5d}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {5da47ac5-ee91-11e6-a772-d85eeb08ad5d}
nx                      OptOut

Загрузка Windows
-------------------
идентификатор           {5da47ac7-ee91-11e6-a772-d85eeb08ad5d}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{5da47ac8-ee91-11e6-a772-d85eeb08ad5d}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  ru-RU
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{5da47ac8-ee91-11e6-a772-d85eeb08ad5d}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Выход из режима гибернации
--------------------------
идентификатор           {5da47ac5-ee91-11e6-a772-d85eeb08ad5d}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  ru-RU
inherit                 {resumeloadersettings}
recoverysequence        {5da47ac7-ee91-11e6-a772-d85eeb08ad5d}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Проверка памяти Windows
---------------------
идентификатор           {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Диагностика памяти
locale                  ru-RU
inherit                 {globalsettings}
badmemoryaccess         Yes

Параметры EMS
-------------
идентификатор           {emssettings}
bootems                 Yes

Параметры отладчика
-------------------
идентификатор           {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

Дефекты ОЗУ
-----------
идентификатор           {badmemory}

Глобальные параметры
--------------------
идентификатор           {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Параметры загрузчика
--------------------
идентификатор           {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Параметры гипервизора
-------------------
идентификатор           {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Параметры загрузчика восстановления
-----------------------------------
идентификатор           {resumeloadersettings}
inherit                 {globalsettings}

Параметры устройств
-------------------
идентификатор           {5da47ac8-ee91-11e6-a772-d85eeb08ad5d}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi


LastRegBack: 2017-09-01 02:49

==================== End of FRST.txt ============================